Commit da641f41 authored by Jean-Philippe Lang's avatar Jean-Philippe Lang

Global queries can be saved from the global issue list (follows r1311 and closes #897).

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1312 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 287d86e3
......@@ -19,7 +19,7 @@ class QueriesController < ApplicationController
layout 'base'
menu_item :issues
before_filter :find_query, :except => :new
before_filter :find_project, :authorize, :only => :new
before_filter :find_optional_project, :only => :new
def new
@query = Query.new(params[:query])
......@@ -72,8 +72,9 @@ private
render_404
end
def find_project
@project = Project.find(params[:project_id])
def find_optional_project
@project = Project.find(params[:project_id]) if params[:project_id]
User.current.allowed_to?(:save_queries, @project, :global => true)
rescue ActiveRecord::RecordNotFound
render_404
end
......
......@@ -222,17 +222,26 @@ class User < ActiveRecord::Base
# action can be:
# * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
# * a permission Symbol (eg. :edit_project)
def allowed_to?(action, project)
# No action allowed on archived projects
return false unless project.active?
# No action allowed on disabled modules
return false unless project.allows_to?(action)
# Admin users are authorized for anything else
return true if admin?
role = role_for_project(project)
return false unless role
role.allowed_to?(action) && (project.is_public? || role.member?)
def allowed_to?(action, project, options={})
if project
# No action allowed on archived projects
return false unless project.active?
# No action allowed on disabled modules
return false unless project.allows_to?(action)
# Admin users are authorized for anything else
return true if admin?
role = role_for_project(project)
return false unless role
role.allowed_to?(action) && (project.is_public? || role.member?)
elsif options[:global]
# authorize if user has at least one role that has this permission
roles = memberships.collect {|m| m.role}.uniq
roles.detect {|r| r.allowed_to?(action)}
else
false
end
end
def self.current=(user)
......
<% if @project %>
<h3><%= l(:label_issue_plural) %></h3>
<%= link_to l(:label_issue_view_all), { :controller => 'issues', :action => 'index', :project_id => @project, :set_filter => 1 } %><br />
<% if @project %>
<%= link_to l(:field_summary), :controller => 'reports', :action => 'issue_report', :id => @project %><br />
<%= link_to l(:label_change_log), :controller => 'projects', :action => 'changelog', :id => @project %>
<% end %>
......
......@@ -18,7 +18,7 @@
:update => "content",
}, :class => 'icon icon-reload' %>
<% if current_role && current_role.allowed_to?(:save_queries) %>
<% if User.current.allowed_to?(:save_queries, @project, :global => true) %>
<%= link_to l(:button_save), {}, :onclick => "$('query_form').submit(); return false;", :class => 'icon icon-save' %>
<% end %>
</p>
......
......@@ -31,7 +31,7 @@ class QueriesControllerTest < Test::Unit::TestCase
User.current = nil
end
def test_get_new
def test_get_new_project_query
@request.session[:user_id] = 2
get :new, :project_id => 1
assert_response :success
......@@ -45,6 +45,19 @@ class QueriesControllerTest < Test::Unit::TestCase
:disabled => nil }
end
def test_get_new_global_query
@request.session[:user_id] = 2
get :new
assert_response :success
assert_template 'new'
assert_no_tag :tag => 'input', :attributes => { :type => 'checkbox',
:name => 'query[is_public]' }
assert_tag :tag => 'input', :attributes => { :type => 'checkbox',
:name => 'query_is_for_all',
:checked => 'checked',
:disabled => nil }
end
def test_new_project_public_query
@request.session[:user_id] = 2
post :new,
......@@ -54,8 +67,7 @@ class QueriesControllerTest < Test::Unit::TestCase
:fields => ["status_id", "assigned_to_id"],
:operators => {"assigned_to_id" => "=", "status_id" => "o"},
:values => { "assigned_to_id" => ["1"], "status_id" => ["1"]},
:query => {"name" => "test_new_project_public_query", "is_public" => "1"},
:column_names => ["", "tracker", "status", "priority", "subject", "updated_on", "category"]
:query => {"name" => "test_new_project_public_query", "is_public" => "1"}
q = Query.find_by_name('test_new_project_public_query')
assert_redirected_to :controller => 'issues', :action => 'index', :query_id => q
......@@ -73,8 +85,7 @@ class QueriesControllerTest < Test::Unit::TestCase
:fields => ["status_id", "assigned_to_id"],
:operators => {"assigned_to_id" => "=", "status_id" => "o"},
:values => { "assigned_to_id" => ["1"], "status_id" => ["1"]},
:query => {"name" => "test_new_project_private_query", "is_public" => "1"},
:column_names => ["", "tracker", "status", "priority", "subject", "updated_on", "category"]
:query => {"name" => "test_new_project_private_query", "is_public" => "1"}
q = Query.find_by_name('test_new_project_private_query')
assert_redirected_to :controller => 'issues', :action => 'index', :query_id => q
......@@ -83,6 +94,23 @@ class QueriesControllerTest < Test::Unit::TestCase
assert q.valid?
end
def test_new_global_private_query_with_custom_columns
@request.session[:user_id] = 3
post :new,
:confirm => '1',
:fields => ["status_id", "assigned_to_id"],
:operators => {"assigned_to_id" => "=", "status_id" => "o"},
:values => { "assigned_to_id" => ["me"], "status_id" => ["1"]},
:query => {"name" => "test_new_global_private_query", "is_public" => "1", "column_names" => ["", "tracker", "subject", "priority", "category"]}
q = Query.find_by_name('test_new_global_private_query')
assert_redirected_to :controller => 'issues', :action => 'index', :query_id => q
assert !q.is_public?
assert !q.has_default_columns?
assert_equal [:tracker, :subject, :priority, :category], q.columns.collect {|c| c.name}
assert q.valid?
end
def test_get_edit_global_public_query
@request.session[:user_id] = 1
get :edit, :id => 4
......@@ -106,8 +134,7 @@ class QueriesControllerTest < Test::Unit::TestCase
:fields => ["status_id", "assigned_to_id"],
:operators => {"assigned_to_id" => "=", "status_id" => "o"},
:values => { "assigned_to_id" => ["1"], "status_id" => ["1"]},
:query => {"name" => "test_edit_global_public_query", "is_public" => "1"},
:column_names => ["", "tracker", "status", "priority", "subject", "updated_on", "category"]
:query => {"name" => "test_edit_global_public_query", "is_public" => "1"}
assert_redirected_to :controller => 'issues', :action => 'index', :query_id => 4
q = Query.find_by_name('test_edit_global_public_query')
......@@ -138,8 +165,7 @@ class QueriesControllerTest < Test::Unit::TestCase
:fields => ["status_id", "assigned_to_id"],
:operators => {"assigned_to_id" => "=", "status_id" => "o"},
:values => { "assigned_to_id" => ["me"], "status_id" => ["1"]},
:query => {"name" => "test_edit_global_private_query", "is_public" => "1"},
:column_names => ["", "tracker", "status", "priority", "subject", "updated_on", "category"]
:query => {"name" => "test_edit_global_private_query", "is_public" => "1"}
assert_redirected_to :controller => 'issues', :action => 'index', :query_id => 3
q = Query.find_by_name('test_edit_global_private_query')
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment