Merged r7920, r7921, r7922 and r7924 from trunk (#9405).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/1.2-stable@8158 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-05-07 06:35:55 +02:00 · 2011-12-10 12:04:47 +00:00
parent 1848fcd91e
commit 2f87b3bae3
7 changed files with 67 additions and 10 deletions
--- a/test/functional/context_menus_controller_test.rb
+++ b/test/functional/context_menus_controller_test.rb
@@ -115,4 +115,23 @@ class ContextMenusControllerTest < ActionController::TestCase
    assert_template 'context_menu'
    assert_equal [1], assigns(:issues).collect(&:id)
  end
+  
+  def test_time_entries_context_menu
+    @request.session[:user_id] = 2
+    get :time_entries, :ids => [1, 2]
+    assert_response :success
+    assert_template 'time_entries'
+    assert_tag 'a', :content => 'Edit'
+    assert_no_tag 'a', :content => 'Edit', :attributes => {:class => /disabled/}
+  end
+  
+  def test_time_entries_context_menu_without_edit_permission
+    @request.session[:user_id] = 2
+    Role.find_by_name('Manager').remove_permission! :edit_time_entries
+    
+    get :time_entries, :ids => [1, 2]
+    assert_response :success
+    assert_template 'time_entries'
+    assert_tag 'a', :content => 'Edit', :attributes => {:class => /disabled/}
+  end
 end
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -872,6 +872,22 @@ class IssuesControllerTest < ActionController::TestCase
    assert_equal Issue.find(1), assigns(:issue)
  end

+  def test_get_edit_should_display_the_time_entry_form_with_log_time_permission
+    @request.session[:user_id] = 2
+    Role.find_by_name('Manager').update_attribute :permissions, [:view_issues, :edit_issues, :log_time]
+    
+    get :edit, :id => 1
+    assert_tag 'input', :attributes => {:name => 'time_entry[hours]'}
+  end
+
+  def test_get_edit_should_not_display_the_time_entry_form_without_log_time_permission
+    @request.session[:user_id] = 2
+    Role.find_by_name('Manager').remove_permission! :log_time
+    
+    get :edit, :id => 1
+    assert_no_tag 'input', :attributes => {:name => 'time_entry[hours]'}
+  end
+
  def test_get_edit_with_params
    @request.session[:user_id] = 2
    get :edit, :id => 1, :issue => { :status_id => 5, :priority_id => 7 },
--- a/test/functional/timelog_controller_test.rb
+++ b/test/functional/timelog_controller_test.rb
@@ -115,6 +115,18 @@ class TimelogControllerTest < ActionController::TestCase
    assert_equal 3, t.user_id
  end
  
+  def test_create_without_log_time_permission_should_be_denied
+    @request.session[:user_id] = 2
+    Role.find_by_name('Manager').remove_permission! :log_time
+    post :create, :project_id => 1,
+                :time_entry => {:activity_id => '11',
+                                :issue_id => '',
+                                :spent_on => '2008-03-14',
+                                :hours => '7.3'}
+
+    assert_response 403
+  end
+
  def test_update
    entry = TimeEntry.find(1)
    assert_equal 1, entry.issue_id
@@ -161,6 +173,9 @@ class TimelogControllerTest < ActionController::TestCase

  def test_bulk_update_on_different_projects
    @request.session[:user_id] = 2
+    # makes user a manager on the other project
+    Member.create!(:user_id => 2, :project_id => 3, :role_ids => [1])
+    
    # update time entry activity
    post :bulk_update, :ids => [1, 2, 4], :time_entry => { :activity_id => 9 }
    
@@ -203,6 +218,14 @@ class TimelogControllerTest < ActionController::TestCase
    assert_redirected_to :controller => 'timelog', :action => 'index', :project_id => Project.find(1).identifier
  end
  
+  def test_post_bulk_update_without_edit_permission_should_be_denied
+    @request.session[:user_id] = 2
+    Role.find_by_name('Manager').remove_permission! :edit_time_entries
+    post :bulk_update, :ids => [1,2]
+
+    assert_response 403
+  end
+
  def test_destroy
    @request.session[:user_id] = 2
    delete :destroy, :id => 1