From 3c1c487c8f15d30f944909b3a84f345e3dd9bf9e Mon Sep 17 00:00:00 2001 From: "karel.picman@lbcfree.net" Date: Mon, 3 Aug 2020 15:12:53 +0200 Subject: [PATCH] #1159 AW log permissions --- app/controllers/dmsf_workflows_controller.rb | 14 ++++++---- .../dmsf_workflow_controller_test.rb | 28 +++++++++++++++++++ 2 files changed, 37 insertions(+), 5 deletions(-) diff --git a/app/controllers/dmsf_workflows_controller.rb b/app/controllers/dmsf_workflows_controller.rb index f444094c..921fec01 100644 --- a/app/controllers/dmsf_workflows_controller.rb +++ b/app/controllers/dmsf_workflows_controller.rb @@ -480,16 +480,20 @@ private if @dmsf_workflow.project # Project workflow @project = @dmsf_workflow.project else # Global workflow - revision = DmsfFileRevision.find_by(id: params[:dmsf_file_revision_id]) - @project = revision.dmsf_file.project if revision && revision.dmsf_file + if params[:dmsf_file_revision_id].present? + revision = DmsfFileRevision.find_by(id: params[:dmsf_file_revision_id]) + @project = revision.dmsf_file.project if revision && revision.dmsf_file + else + @project = Project.find params[:project_id] if params[:project_id].present? + end end else - if params[:dmsf_workflow] + if params[:dmsf_workflow].present? @project = Project.find params[:dmsf_workflow][:project_id] - elsif params[:project_id] + elsif params[:project_id].present? @project = Project.find params[:project_id] else - @project = Project.find params[:id] + @project = Project.find(params[:id]) if params[:id].present? end end rescue ActiveRecord::RecordNotFound diff --git a/test/functional/dmsf_workflow_controller_test.rb b/test/functional/dmsf_workflow_controller_test.rb index 243f0c83..7adad137 100644 --- a/test/functional/dmsf_workflow_controller_test.rb +++ b/test/functional/dmsf_workflow_controller_test.rb @@ -36,6 +36,7 @@ class DmsfWorkflowsControllerTest < RedmineDmsf::Test::TestCase @role_manager.add_permission! :file_manipulation @role_manager.add_permission! :manage_workflows @role_manager.add_permission! :file_approval + @role_manager.add_permission! :view_dmsf_files @wfs1 = DmsfWorkflowStep.find 1 # step 1 @wfs2 = DmsfWorkflowStep.find 2 # step 2 @wfs3 = DmsfWorkflowStep.find 3 # step 1 @@ -413,4 +414,31 @@ class DmsfWorkflowsControllerTest < RedmineDmsf::Test::TestCase assert_response :redirect end + def test_log_non_member + @request.session[:user_id] = @user_non_member.id + get :log, params: { id: @wf1.id, project_id: @project1.id, dmsf_file_id: @file1.id, format: 'js' }, xhr: true + assert_response :forbidden + end + + def test_log_member_local_wf + @request.session[:user_id] = @user_member.id + get :log, params: { id: @wf1.id, project_id: @project1.id, dmsf_file_id: @file1.id, format: 'js' }, xhr: true + assert_response :success + assert_template :log + end + + def test_log_member_global_wf + @request.session[:user_id] = @user_member.id + get :log, params: { id: @wf3.id, project_id: @project1.id, dmsf_file_id: @file1.id, format: 'js' }, xhr: true + assert_response :success + assert_template :log + end + + def test_log_admin + @request.session[:user_id] = @user_admin.id + get :log, params: { id: @wf1.id, project_id: @project1.id, dmsf_file_id: @file1.id, format: 'js' }, xhr: true + assert_response :success + assert_template :log + end + end