Commit 5ad8a9b4 authored by jplang's avatar jplang

Error message when editing a child project without add project/subprojects permissions (#20282).

git-svn-id: https://svn.redmine.org/redmine/trunk@14619 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent f9c5fd4e
......@@ -700,12 +700,14 @@ class Project < ActiveRecord::Base
attrs = attrs.deep_dup
@unallowed_parent_id = nil
parent_id_param = attrs['parent_id'].to_s
if parent_id_param.blank? || parent_id_param != parent_id.to_s
p = parent_id_param.present? ? Project.find_by_id(parent_id_param) : nil
unless allowed_parents(user).include?(p)
attrs.delete('parent_id')
@unallowed_parent_id = true
if new_record? || attrs.key?('parent_id')
parent_id_param = attrs['parent_id'].to_s
if new_record? || parent_id_param != parent_id.to_s
p = parent_id_param.present? ? Project.find_by_id(parent_id_param) : nil
unless allowed_parents(user).include?(p)
attrs.delete('parent_id')
@unallowed_parent_id = true
end
end
end
......
......@@ -495,6 +495,17 @@ class ProjectsControllerTest < ActionController::TestCase
assert_equal 'eCookbook', Project.find(1).name
end
def test_update_child_project_without_parent_permission_should_not_show_validation_error
child = Project.generate_with_parent!
user = User.generate!
User.add_to_project(user, child, Role.generate!(:permissions => [:edit_project]))
@request.session[:user_id] = user.id
post :update, :id => child.id, :project => {:name => 'Updated'}
assert_response 302
assert_match /Successful update/, flash[:notice]
end
def test_modules
@request.session[:user_id] = 2
Project.find(1).enabled_module_names = ['issue_tracking', 'news']
......
......@@ -39,7 +39,10 @@ module ObjectHelpers
project
end
def Project.generate_with_parent!(parent, attributes={})
def Project.generate_with_parent!(*args)
attributes = args.last.is_a?(Hash) ? args.pop : {}
parent = args.size > 0 ? args.first : Project.generate!
project = Project.generate!(attributes) do |p|
p.parent = parent
end
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment