Disable "Select project modules" permission does not apply to the new project form (#23470).

git-svn-id: http://svn.redmine.org/redmine/trunk@15752 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-12-19 15:01:14 +00:00 · 2016-08-30 19:32:52 +00:00 · 2016-08-30 19:32:52 +00:00 · b405a0be53
commit b405a0be53
parent 9f9232381a
3 changed files with 63 additions and 3 deletions
--- a/app/models/project.rb
+++ b/app/models/project.rb
@ -500,12 +500,18 @@ class Project < ActiveRecord::Base
  # Adds user as a project member with the default role
  # Used for when a non-admin user creates a project
  def add_default_member(user)
-    role = Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
+    role = self.class.default_member_role
    member = Member.new(:project => self, :principal => user, :roles => [role])
    self.members << member
    member
  end

+	# Default role that is given to non-admin users that
+	# create a project
+  def self.default_member_role
+    Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
+  end
+
  # Deletes all project's members
  def delete_all_members
    me, mr = Member.table_name, MemberRole.table_name
@ -716,7 +722,17 @@ class Project < ActiveRecord::Base
    'default_version_id'

  safe_attributes 'enabled_module_names',
-    :if => lambda {|project, user| project.new_record? || user.allowed_to?(:select_project_modules, project) }
+    :if => lambda {|project, user|
+        if project.new_record?
+          if user.admin?
+            true
+          else
+            default_member_role.has_permission?(:select_project_modules)
+          end
+        else
+          user.allowed_to?(:select_project_modules, project)
+        end
+      }

  safe_attributes 'inherit_members',
    :if => lambda {|project, user| project.parent.nil? || project.parent.visible?(user)}
--- a/app/views/projects/_form.html.erb
+++ b/app/views/projects/_form.html.erb
@ -32,7 +32,7 @@
 <%= call_hook(:view_projects_form, :project => @project, :form => f) %>
 </div>

-<% if @project.new_record? %>
+<% if @project.new_record? && @project.safe_attribute?('enabled_module_names') %>
 <fieldset class="box tabular"><legend><%= l(:label_module_plural) %></legend>
 <% Redmine::AccessControl.available_project_modules.each do |m| %>
    <label class="floating">
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@ -111,6 +111,22 @@ class ProjectsControllerTest < Redmine::ControllerTest
    end
  end

+  def test_new_by_non_admin_should_display_modules_if_default_role_is_allowed_to_select_modules
+    Role.non_member.add_permission!(:add_project)
+    default_role = Role.generate!(:permissions => [:view_issues])
+    user = User.generate!
+    @request.session[:user_id] = user.id
+
+    with_settings :new_project_user_role_id => default_role.id.to_s do
+      get :new
+      assert_select 'input[name=?]', 'project[enabled_module_names][]', 0
+
+      default_role.add_permission!(:select_project_modules)
+      get :new
+      assert_select 'input[name=?]', 'project[enabled_module_names][]'
+    end
+  end
+
  def test_new_should_not_display_invalid_search_link
    @request.session[:user_id] = 1

@ -277,6 +293,34 @@ class ProjectsControllerTest < Redmine::ControllerTest
    assert_select_error /Subproject of is invalid/
  end

+  def test_create_by_non_admin_should_accept_modules_if_default_role_is_allowed_to_select_modules
+    Role.non_member.add_permission!(:add_project)
+    default_role = Role.generate!(:permissions => [:view_issues, :add_project])
+    user = User.generate!
+    @request.session[:user_id] = user.id
+
+    with_settings :new_project_user_role_id => default_role.id.to_s, :default_projects_modules => %w(news files) do
+      project = new_record(Project) do
+        post :create, :project => {
+            :name => "blog1",
+            :identifier => "blog1",
+            :enabled_module_names => ["issue_tracking", "repository"]
+          }
+      end
+      assert_equal %w(files news), project.enabled_module_names.sort
+
+      default_role.add_permission!(:select_project_modules)
+      project = new_record(Project) do
+        post :create, :project => {
+            :name => "blog2",
+            :identifier => "blog2",
+            :enabled_module_names => ["issue_tracking", "repository"]
+          }
+      end
+      assert_equal %w(issue_tracking repository), project.enabled_module_names.sort
+    end
+  end
+
  def test_create_subproject_with_inherit_members_should_inherit_members
    Role.find_by_name('Manager').add_permission! :add_subprojects
    parent = Project.find(1)