Merge pull request #261 from warpc/194-tracker

[Refs #194] Fix ACL and tests for issues
This commit is contained in:
Vladimir Sharshov 2012-03-02 11:48:10 -08:00
commit 622d80c6d3
4 changed files with 8 additions and 14 deletions

View File

@ -3,15 +3,13 @@ class IssuesController < ApplicationController
NON_RESTFUL_ACTION = [:create_label, :update_label, :destroy_label, :search_collaborators]
before_filter :authenticate_user!
load_and_authorize_resource :project, :except => NON_RESTFUL_ACTION
load_and_authorize_resource :issue, :through => :project, :find_by => :serial_id, :only => [:show, :edit, :update, :destroy]
load_resource :project
load_and_authorize_resource :issue, :through => :project, :find_by => :serial_id, :only => [:show, :edit, :update, :destroy, :new, :create]
before_filter :load_and_authorize_label, :only => NON_RESTFUL_ACTION
layout 'application'
def index(status = 200)
logger.debug "!!!!!!!!!!!!!!!!!!"
logger.debug "request format is #{request.format}"
@is_assigned_to_me = params[:filter] == 'to_me'
@status = params[:status] == 'closed' ? 'closed' : 'open'
@labels = params[:labels] || []
@ -36,17 +34,16 @@ class IssuesController < ApplicationController
end
def new
@issue = Issue.new(:project => @project)
@issue = @project.issues.new
end
def create
@user_id = params[:user_id]
@user_uname = params[:user_uname]
@issue = Issue.new(params[:issue])
@issue = @project.issues.new(params[:issue])
@issue.creator_id = current_user.id
@issue.user_id = @user_id
@issue.project_id = @project.id
if @issue.save
@issue.subscribe_creator(current_user.id)
@ -67,9 +64,7 @@ class IssuesController < ApplicationController
status = 200 if @issue.save
render action, :status => (status || 500), :layout => false
else
@issue.title = params[:issue][:title]
@issue.body = params[:issue][:body]
status = 200 if @issue.save
status = 200 if @issue.update_attributes(params[:issue])
render :nothing => true, :status => (status || 500), :layout => false
end
end
@ -112,7 +107,6 @@ class IssuesController < ApplicationController
private
def load_and_authorize_label
@project = Project.find(params[:project_id])
@label = Label.find(params[:label_id]) if params[:label_id]
authorize! :write, @project
end

View File

@ -23,7 +23,7 @@ class Issue < ActiveRecord::Base
after_update :deliver_issue_assign_notification
after_update :subscribe_issue_assigned_user
attr_accessible :labelings_attributes, :title, :body, :project, :project_id, :closed_at, :closed_by
attr_accessible :labelings_attributes, :title, :body
accepts_nested_attributes_for :labelings, :allow_destroy => true
scope :opened, where(:status => 'open', :closed_by => nil, :closed_at => nil)

View File

@ -16,5 +16,5 @@
=tracker_search_field(:search_issue, t('layout.issues.search'))
.bordered.nopadding
%h3.bmargin10=t('layout.issues.new')
= link_to t("layout.add"), new_project_issue_path(@project), :class => 'button' if can? :new, Issue.new(:project_id => @project.id)
= link_to t("layout.add"), new_project_issue_path(@project), :class => 'button' if can? :new, @project.issues.new
=render :partial => 'labels'

View File

@ -27,7 +27,7 @@ end
shared_examples_for 'user with issue update rights' do
it 'should be able to perform update action' do
put :update, {:id => @issue.serial_id}.merge(@update_params)
response.should redirect_to([@project, @issue])
response.code.should eq('200')
end
it 'should update issue title' do