From 1ff42ec5bca0d4f6858b7b25bb7ccefdf6135a6a Mon Sep 17 00:00:00 2001
From: Go MAEDA <maeda@farend.jp>
Date: Thu, 25 Apr 2019 05:32:58 +0000
Subject: [PATCH] New Permission: Edit own issue (#1248).

Patch by Yuichi HARADA.


git-svn-id: http://svn.redmine.org/redmine/trunk@18081 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/issue.rb     |  4 +++-
 config/locales/en.yml   |  1 +
 lib/redmine.rb          |  1 +
 test/unit/issue_test.rb | 17 +++++++++++++++++
 4 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/app/models/issue.rb b/app/models/issue.rb
index 3bccbb348..1e0fbc43a 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -180,7 +180,9 @@ class Issue < ActiveRecord::Base
 
   # Returns true if user or current user is allowed to edit the issue
   def attributes_editable?(user=User.current)
-    user_tracker_permission?(user, :edit_issues)
+    user_tracker_permission?(user, :edit_issues) || (
+      user_tracker_permission?(user, :edit_own_issues) && author == user
+    )
   end
 
   # Overrides Redmine::Acts::Attachable::InstanceMethods#attachments_editable?
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 4269e344e..680b5c915 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -488,6 +488,7 @@ en:
   permission_view_issues: View Issues
   permission_add_issues: Add issues
   permission_edit_issues: Edit issues
+  permission_edit_own_issues: Edit own issues
   permission_copy_issues: Copy issues
   permission_manage_issue_relations: Manage issue relations
   permission_set_issues_private: Set issues public or private
diff --git a/lib/redmine.rb b/lib/redmine.rb
index aa91a873f..45e9f1024 100644
--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -102,6 +102,7 @@ Redmine::AccessControl.map do |map|
                                   :read => true
     map.permission :add_issues, {:issues => [:new, :create], :attachments => :upload}
     map.permission :edit_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update], :journals => [:new], :attachments => :upload}
+    map.permission :edit_own_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update], :journals => [:new], :attachments => :upload}
     map.permission :copy_issues, {:issues => [:new, :create, :bulk_edit, :bulk_update], :attachments => :upload}
     map.permission :manage_issue_relations, {:issue_relations => [:index, :show, :create, :destroy]}
     map.permission :manage_subtasks, {}
diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb
index afd8d8c36..7ca0bbd36 100644
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -543,6 +543,23 @@ class IssueTest < ActiveSupport::TestCase
     assert_equal false, issue.deletable?(user)
   end
 
+  def test_issue_should_editable_by_author
+    Role.all.each do |r|
+      r.remove_permission! :edit_issues
+      r.add_permission! :edit_own_issues
+    end
+
+    issue = Issue.find(1)
+    user = User.find_by_login('jsmith')
+
+    # author
+    assert_equal user, issue.author
+    assert_equal true, issue.attributes_editable?(user)
+
+    # not author
+    assert_equal false, issue.attributes_editable?(User.find_by_login('dlopper'))
+  end
+
   def test_errors_full_messages_should_include_custom_fields_errors
     field = IssueCustomField.find_by_name('Database')