Merge pull request #71 from abf/rosa-build:51-change-rights-for-operations-with-tags-and-assignee

#51: Change rights for operations with tags and assignee
2013-04-08 14:57:48 +04:00 · 2013-04-08 14:57:48 +04:00 · 1b93de0724
parent 7de91502fb a33e20c5e4
commit 1b93de0724
9 changed files with 87 additions and 28 deletions
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@ -38,9 +38,12 @@ class Projects::IssuesController < Projects::BaseController
  end

  def create
-    @assignee_uname = params[:assignee_uname]
    @issue.user_id = current_user.id

+    unless can?(:write, @project)
+      @issue.assignee_id  = nil
+      @issue.labelings    = []
+    end
    if @issue.save
      @issue.subscribe_creator(current_user.id)
      flash[:notice] = I18n.t("flash.issue.saved")
@ -56,6 +59,12 @@ class Projects::IssuesController < Projects::BaseController
  end

  def update
+    unless can?(:write, @project)
+      params.delete :update_labels
+      [:assignee_id, :labelings, :labelings_attributes].each do |k|
+        params[:issue].delete k
+      end if params[:issue]
+    end
    @issue.labelings.destroy_all if params[:update_labels]
    if params[:issue] && status = params[:issue][:status]
      @issue.set_close(current_user) if status == 'closed'
--- a/app/controllers/projects/pull_requests_controller.rb
+++ b/app/controllers/projects/pull_requests_controller.rb
@ -38,7 +38,7 @@ class Projects::PullRequestsController < Projects::BaseController
    authorize! :read, to_project

    @pull = to_project.pull_requests.new pull_params
-    @pull.issue.assignee_id = (params[:issue] || {})[:assignee_id]
+    @pull.issue.assignee_id = (params[:issue] || {})[:assignee_id] if can?(:write, to_project)
    @pull.issue.user, @pull.issue.project, @pull.from_project = current_user, to_project, @project
    @pull.from_project_owner_uname = @pull.from_project.owner.uname
    @pull.from_project_name = @pull.from_project.name
--- a/app/views/projects/issues/_form.html.haml
+++ b/app/views/projects/issues/_form.html.haml
@ -1,13 +1,14 @@
 =render 'title_body', :f => f, :id => 'new'
-.leftlist= t('activerecord.attributes.issue.assignee') + ':'
-#assigned-container.rightlist
-  =render 'user_container', :user => @issue.assignee
-.both
-.leftlist= t('layout.issues.labels') + ':'
-.rightlist
-  %span#flag-span.small-text= t('layout.issues.choose_labels_on_left')
-  #issue_labels
-.both
+- if can?(:write, @project)
+  .leftlist= t('activerecord.attributes.issue.assignee') + ':'
+  #assigned-container.rightlist
+    =render 'user_container', :user => @issue.assignee
+  .both
+  .leftlist= t('layout.issues.labels') + ':'
+  .rightlist
+    %span#flag-span.small-text= t('layout.issues.choose_labels_on_left')
+    #issue_labels
+  .both
 .leftlist
 .rightlist
  %input{:type => "submit", :value => t(@issue.new_record? ? 'layout.create' : 'layout.update')}
--- a/app/views/projects/issues/_manage_sidebar.html.haml
+++ b/app/views/projects/issues/_manage_sidebar.html.haml
@ -1,8 +1,8 @@
 -content_for :sidebar do
-  - can_manage = can?(:update, @issue) && @issue.persisted? || @issue.new_record?
  - if @issue.persisted?
    .bordered.nopadding
      %h3=t('activerecord.attributes.issue.status')
+      - can_manage = can?(:update, @issue)
      #switcher.issue_status{:class => "#{@issue.closed? ? 'switcher-off' : 'switcher'} #{can_manage ? "switch_issue_status" : ''}"}
        .swleft=t('layout.issues.status.open')
        .swright=t('layout.issues.status.closed')
@ -11,7 +11,7 @@
            =hidden_field_tag "issue_status", @issue.closed? ? 'closed' : 'open', :name => "issue[status]"
  .block
    %h3=t('layout.issues.labels')
-    - if can_manage
+    - if can?(:write, @project)
      .current_labels
        - (@project.labels || []).each do |label|
          - is_issue_label = @issue.labels.include? label
@ -29,6 +29,6 @@
        .label.nopointer
          .labeltext.selected{:style => "background: ##{label.color};"}=label.name
          .both
-    - if can_manage && @issue.persisted?
+    - if can?(:write, @project) && @issue.persisted?
      =link_to(t('layout.issues.label_manage'), '#', :class => "button tmargin10 manage_labels")
      =link_to(t('layout.issues.done'), '#', :class => "button tmargin10 update_labels", :style => 'display:none')
--- a/app/views/projects/issues/_user_container.html.haml
+++ b/app/views/projects/issues/_user_container.html.haml
@ -6,5 +6,5 @@
    %span= t('layout.issues.is_assigned')
  - else
    %span= t('layout.issues.no_one_is_assigned')
-  -if can?(:update, @issue) || @issue.new_record?
+  -if can?(:write, @project)
    %span.icon-share
--- a/app/views/projects/pull_requests/new.html.haml
+++ b/app/views/projects/pull_requests/new.html.haml
@ -32,11 +32,11 @@
              %div{:class => @pull.ready? ? 'notice' : 'alert'}
                =pull_status @pull
          .both
-
-          .leftlist.big-list= t('activerecord.attributes.issue.assignee') + ':'
-          #assigned-container.rightlist
-            =render 'projects/issues/user_container', :user => @pull.assignee
-          .both
+          - if can?(:write, @pull.to_project)
+            .leftlist.big-list= t('activerecord.attributes.issue.assignee') + ':'
+            #assigned-container.rightlist
+              =render 'projects/issues/user_container', :user => @pull.assignee
+            .both
          .leftlist.big-list
          .rightlist
            =f.submit t('.submit'), :class => 'btn btn-primary disabled', 'data-loading-text' => t('layout.processing'), :id => 'create_pull' unless @pull.already?
--- a/spec/controllers/projects/issues_controller_spec.rb
+++ b/spec/controllers/projects/issues_controller_spec.rb
@ -2,13 +2,14 @@
 require 'spec_helper'

 shared_context "issues controller" do
-  before(:each) do
+  before do
    stub_symlink_methods

    @project = FactoryGirl.create(:project)
    @issue_user = FactoryGirl.create(:user)

    @issue = FactoryGirl.create(:issue, :project_id => @project.id, :assignee_id => @issue_user.id)
+    @label = FactoryGirl.create(:label, :project_id => @project.id)

    @project_with_turned_off_issues = FactoryGirl.create(:project, :has_issues => false)
    @turned_of_issue = FactoryGirl.create(:issue, :project_id => @project_with_turned_off_issues.id, :assignee_id => @issue_user.id)
@ -20,10 +21,10 @@ shared_context "issues controller" do
      :owner_name => @project.owner.uname, :project_name => @project.name,
      :issue => {
        :title => "issue1",
-        :body => "issue body"
-      },
-      :assignee_id => @issue_user.id,
-      :assignee_uname => @issue_user.uname
+        :body => "issue body",
+        :labelings_attributes => { @label.id => {:label_id => @label.id}},
+        :assignee_id => @issue_user.id
+      }
    }

    @update_params = {
@ -56,9 +57,7 @@ shared_examples_for 'issue user with project reader rights' do
    get :index, :owner_name => @project.owner.uname, :project_name => @project.name
    response.should render_template(:index)
  end
-end

-shared_examples_for 'issue user with project writer rights' do
  it 'should be able to perform create action' do
    post :create, @create_params
    response.should redirect_to(project_issues_path(@project))
@ -69,6 +68,30 @@ shared_examples_for 'issue user with project writer rights' do
  end
 end

+shared_examples_for 'issue user with project writer rights' do
+  it 'should be able to perform index action on hidden project' do
+    @project.update_attributes(:visibility => 'hidden')
+    get :index, :owner_name => @project.owner.uname, :project_name => @project.name
+    response.should render_template(:index)
+  end
+
+  it 'should create issue object into db' do
+    lambda{ post :create, @create_params }.should change{ Issue.count }.by(1)
+  end
+
+  context 'perform create action' do
+    before { post :create, @create_params }
+
+    it 'user should be assigned to issue' do
+      @project.issues.last.assignee_id.should_not be_nil
+    end
+
+    it 'label should be attached to issue' do
+      @project.issues.last.labels.should have(1).item
+    end
+  end
+end
+
 shared_examples_for 'user with issue update rights' do
  it 'should be able to perform update action' do
    put :update, {:id => @issue.serial_id}.merge(@update_params)
@ -167,11 +190,22 @@ describe Projects::IssuesController do

    it_should_behave_like 'issue user with project guest rights'
    it_should_behave_like 'issue user with project reader rights'
-    it_should_behave_like 'issue user with project writer rights'
    it_should_behave_like 'user without issue update rights'
    it_should_behave_like 'project with issues turned off'
    it_should_behave_like 'user without issue destroy rights'

+    context 'perform create action' do
+      before { post :create, @create_params }
+
+      it 'user should not be assigned to issue' do
+        @project.issues.last.assignee_id.should be_nil
+      end
+
+      it 'label should not be attached to issue' do
+        @project.issues.last.labels.should have(:no).items
+      end
+    end
+
    # it 'should not be able to perform create action on project' do
    #   post :create, @create_params
    #   response.should redirect_to(forbidden_path)
--- a/spec/factories/label.rb
+++ b/spec/factories/label.rb
@ -0,0 +1,8 @@
+# -*- encoding : utf-8 -*-
+FactoryGirl.define do
+  factory :label do
+    name { FactoryGirl.generate(:string) }
+    color 'FFF'
+    association :project, :factory => :project
+  end
+end
--- a/spec/factories/labeling.rb
+++ b/spec/factories/labeling.rb
@ -0,0 +1,7 @@
+# -*- encoding : utf-8 -*-
+FactoryGirl.define do
+  factory :labeling do
+    association :project, :factory => :project
+    association :label,   :factory => :label
+  end
+end