Introduce permission to set a project public (#38048).

Patch by Felix Schäfer. git-svn-id: https://svn.redmine.org/redmine/trunk@22038 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-10-26 07:46:17 +01:00 · 2023-01-12 02:59:54 +00:00
parent 29ec300945
commit eb8916bc87
8 changed files with 93 additions and 4 deletions
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -823,7 +823,6 @@ class Project < ActiveRecord::Base
    'name',
    'description',
    'homepage',
-    'is_public',
    'identifier',
    'custom_field_values',
    'custom_fields',
@@ -834,6 +833,22 @@ class Project < ActiveRecord::Base
    'default_issue_query_id',
    'default_assigned_to_id')

+  safe_attributes(
+    'is_public',
+    :if =>
+      lambda do |project, user|
+        if project.new_record?
+          if user.admin?
+            true
+          else
+            default_member_role&.has_permission?(:select_project_publicity)
+          end
+        else
+          user.allowed_to?(:select_project_publicity, project)
+        end
+      end
+  )
+
  safe_attributes(
    'enabled_module_names',
    :if =>
--- a/app/views/projects/_form.html.erb
+++ b/app/views/projects/_form.html.erb
@@ -11,7 +11,7 @@
 <% end %></p>
 <p><%= f.text_field :homepage, :size => 60 %></p>
 <p>
-  <%= f.check_box :is_public %>
+  <%= f.check_box :is_public, :disabled => !@project.safe_attribute?(:is_public) %>
  <em class="info"><%= Setting.login_required? ? l(:text_project_is_public_non_member) : l(:text_project_is_public_anonymous) %></em>
 </p>

--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -953,6 +953,7 @@ de:
  permission_rename_wiki_pages: Wiki-Seiten umbenennen
  permission_save_queries: Filter speichern
  permission_select_project_modules: Projektmodule auswählen
+  permission_select_project_publicity: Projekt als privat oder öffentlich markieren
  permission_set_issues_private: Tickets als privat oder öffentlich markieren
  permission_set_notes_private: Kommentar als privat markieren
  permission_set_own_issues_private: Eigene Tickets als privat oder öffentlich markieren
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -522,6 +522,7 @@ en:
  permission_edit_project: Edit project
  permission_close_project: Close / reopen the project
  permission_delete_project: Delete the project
+  permission_select_project_publicity: Set project public or private
  permission_select_project_modules: Select project modules
  permission_manage_members: Manage members
  permission_manage_project_activities: Manage project activities
--- a/db/migrate/20221214173537_add_select_project_publicity_permission.rb
+++ b/db/migrate/20221214173537_add_select_project_publicity_permission.rb
@@ -0,0 +1,15 @@
+class AddSelectProjectPublicityPermission < ActiveRecord::Migration[5.2]
+  def up
+    Role.find_each do |r|
+      r.add_permission!(:select_project_publicity) if r.permissions.include?(:edit_project)
+    end
+  end
+
+  def down
+    Role.find_each do |r|
+      r.remove_permission!(:select_project_publicity)
+    end
+  end
+
+  def run_in_request?; true end
+end
--- a/lib/redmine/preparation.rb
+++ b/lib/redmine/preparation.rb
@@ -39,6 +39,7 @@ module Redmine
        map.permission :edit_project, {:projects => [:settings, :edit, :update]}, :require => :member
        map.permission :close_project, {:projects => [:close, :reopen]}, :require => :member, :read => true
        map.permission :delete_project, {:projects => :destroy}, :require => :member, :read => true
+        map.permission :select_project_publicity, {}, :require => :member
        map.permission :select_project_modules, {:projects => :modules}, :require => :member
        map.permission :view_members, {:members => [:index, :show]}, :public => true, :read => true
        map.permission :manage_members, {:projects => :settings, :members => [:index, :show, :new, :create, :edit, :update, :destroy, :autocomplete]}, :require => :member
--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -11,6 +11,7 @@ roles_001:
    - :edit_project
    - :close_project
    - :delete_project
+    - :select_project_publicity
    - :select_project_modules
    - :manage_members
    - :manage_versions
@@ -85,6 +86,7 @@ roles_002:
    ---
    - :edit_project
    - :delete_project
+    - :select_project_publicity
    - :manage_members
    - :manage_versions
    - :manage_categories
@@ -137,6 +139,7 @@ roles_003:
  permissions: |
    ---
    - :edit_project
+    - :select_project_publicity
    - :manage_members
    - :manage_versions
    - :manage_categories
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@@ -407,6 +407,22 @@ class ProjectsControllerTest < Redmine::ControllerTest
    end
  end

+  def test_new_by_non_admin_should_enable_setting_public_if_default_role_is_allowed_to_set_public
+    Role.non_member.add_permission!(:add_project)
+    default_role = Role.generate!(permissions: [:add_project])
+    user = User.generate!
+    @request.session[:user_id] = user.id
+
+    with_settings new_project_user_role_id: default_role.id.to_s do
+      get :new
+      assert_select 'input[name=?][disabled=disabled]', 'project[is_public]'
+
+      default_role.add_permission!(:select_project_publicity)
+      get :new
+      assert_select 'input[name=?]:not([disabled])', 'project[is_public]'
+    end
+  end
+
  def test_new_should_not_display_invalid_search_link
    @request.session[:user_id] = 1

@@ -504,7 +520,6 @@ class ProjectsControllerTest < Redmine::ControllerTest
          :name => "blog",
          :description => "weblog",
          :identifier => "blog",
-          :is_public => 1,
          :custom_field_values => {
            '3' => 'Beta'
          },
@@ -518,7 +533,6 @@ class ProjectsControllerTest < Redmine::ControllerTest
    project = Project.find_by_name('blog')
    assert_kind_of Project, project
    assert_equal 'weblog', project.description
-    assert_equal true, project.is_public?
    assert_equal [1, 3], project.trackers.map(&:id).sort
    assert_equal ['issue_tracking', 'news', 'repository'], project.enabled_module_names.sort

@@ -527,6 +541,45 @@ class ProjectsControllerTest < Redmine::ControllerTest
    assert_equal 1, project.members.size
  end

+  test "#create by user without select_project_publicity permission should not create a new private project" do
+    Role.non_member.add_permission! :add_project
+    default_role = Project.default_member_role
+    default_role.remove_permission!(:select_project_publicity)
+    @request.session[:user_id] = 9
+
+    post(
+      :create, :params => {
+        :project => {
+          :name => "blog",
+          :identifier => "blog",
+          :enabled_module_names => ['issue_tracking', 'news', 'repository'],
+          :is_public => 0
+        }
+      }
+    )
+
+    project = Project.find_by_name('blog')
+    assert_equal true, project.is_public?
+  end
+
+  test "#create by non-admin user with add_project and select_project_publicity permission should create a new private project" do
+    @request.session[:user_id] = 2
+
+    post(
+      :create, :params => {
+        :project => {
+          :name => "blog",
+          :identifier => "blog",
+          :enabled_module_names => ['issue_tracking', 'news', 'repository'],
+          :is_public => 0
+        }
+      }
+    )
+
+    project = Project.find_by_name('blog')
+    assert_equal false, project.is_public?
+  end
+
  test "#create by non-admin user with add_project permission should fail with parent_id" do
    Role.non_member.add_permission! :add_project
    User.find(9).update! :language => 'en'