introduce separate permission for backlogs mgmt

pull/9779/head
ulferts 3 years ago
parent 36eb9cb7e8
commit 31f8a09659
No known key found for this signature in database
GPG Key ID: A205708DE1284017
  1. 3
      app/helpers/project_settings_helper.rb
  2. 14
      config/routes.rb
  3. 41
      modules/backlogs/app/controllers/projects/settings/backlogs_controller.rb
  4. 6
      modules/backlogs/app/views/projects/settings/backlogs/show.html.erb
  5. 1
      modules/backlogs/config/locales/en.yml
  6. 4
      modules/backlogs/config/routes.rb
  7. 27
      modules/backlogs/lib/open_project/backlogs/engine.rb
  8. 73
      modules/backlogs/lib/open_project/backlogs/patches/projects_controller_patch.rb
  9. 2
      modules/backlogs/spec/features/resolved_status_spec.rb

@ -75,9 +75,8 @@ module ProjectSettingsHelper
},
{
name: :backlogs,
action: { controller: '/backlogs_project_settings', action: 'show' },
action: { controller: '/projects/settings/backlogs', action: 'show' },
label: :label_backlogs,
if: ->(project) { project.module_enabled?('backlogs') }
},
{
name: 'storage',

@ -184,7 +184,6 @@ OpenProject::Application.routes.draw do
namespace 'settings' do
ProjectSettingsHelper
.project_settings_tabs
.select { |s| %w[modules general types custom_fields versions categories repository time_entry_activities].include?(s[:name]) }
.each do |tab|
get tab[:name],
controller: tab[:name],
@ -196,19 +195,6 @@ OpenProject::Application.routes.draw do
end
end
ProjectSettingsHelper
.project_settings_tabs
.reject { |s| %w[modules general types custom_fields versions categories repository time_entry_activities].include?(s[:name]) }
.each do |tab|
get "settings/#{tab[:name]}",
controller: "project_settings/#{tab[:name]}",
action: :show,
as: "settings_#{tab[:name]}"
patch "settings/#{tab[:name]}",
controller: "project_settings/#{tab[:name]}",
action: :update,
as: "update_settings_#{tab[:name]}"
end
get "settings", to: redirect('projects/%{id}/settings/general/') # rubocop:disable Style/FormatStringToken
get 'identifier', action: 'identifier'

@ -28,11 +28,48 @@
# See COPYRIGHT and LICENSE files for more details.
#++
class BacklogsProjectSettingsController < ProjectSettingsController
class Projects::Settings::BacklogsController < ProjectSettingsController
menu_item :settings_backlogs
def show
@statuses_done_for_project = @project.done_statuses.select(:id).map(&:id)
render template: '/project_settings/backlogs_settings'
end
def update
selected_statuses = (params[:statuses] || []).map do |work_package_status|
Status.find(work_package_status[:status_id].to_i)
end.compact
@project.done_statuses = selected_statuses
@project.save!
flash[:notice] = I18n.t(:notice_successful_update)
redirect_to_backlogs_settings
end
def rebuild_positions
@project.rebuild_positions
flash[:notice] = I18n.t('backlogs.positions_rebuilt_successfully')
redirect_to_backlogs_settings
rescue ActiveRecord::ActiveRecordError
flash[:error] = I18n.t('backlogs.positions_could_not_be_rebuilt')
log_rebuild_position_error
redirect_to_backlogs_settings
end
private
def redirect_to_backlogs_settings
redirect_to backlogs_settings_project_path(@project)
end
def log_rebuild_position_error
logger.error("Tried to rebuild positions for project #{@project.identifier.inspect} but could not...")
logger.error($!)
logger.error($@)
end
end

@ -31,7 +31,9 @@ See COPYRIGHT and LICENSE files for more details.
<%= render partial: 'projects/form/toolbar', locals: { form_name: "edit_project_#{@project.id}" } %>
<% end %>
<%= styled_form_tag({controller: '/projects', action: "project_done_statuses", id: @project}, id: "edit_project_#{@project.id}") do %>
<%= styled_form_tag(backlogs_settings_project_path(@project),
method: :patch,
id: "edit_project_#{@project.id}") do %>
<div class="generic-table--container">
<div class="generic-table--results-container">
@ -87,6 +89,6 @@ See COPYRIGHT and LICENSE files for more details.
<h3><%=t('backlogs.rebuild_positions')%></h3>
<%= styled_form_tag(:controller => '/projects', :action => "rebuild_positions", :id => @project) do %>
<%= styled_form_tag(controller: '/projects/settings/backlogs', action: "rebuild_positions", id: @project) do %>
<p><%= styled_button_tag t('backlogs.rebuild'), class: '-highlight' %></p>
<% end %>

@ -156,6 +156,7 @@ en:
permission_view_master_backlog: "View master backlog"
permission_view_taskboards: "View taskboards"
permission_select_done_statuses: "Select done statuses"
permission_update_sprints: "Update sprints"
points_accepted: "points accepted"

@ -56,9 +56,7 @@ OpenProject::Application.routes.draw do
end
get 'projects/:project_id/versions/:id/edit' => 'version_settings#edit'
post 'projects/:id/project_done_statuses' => 'projects#project_done_statuses'
post 'projects/:id/rebuild_positions' => 'projects#rebuild_positions'
get 'projects/:id/settings/backlogs', controller: 'backlogs_project_settings', action: 'show', as: 'settings_backlogs'
post 'projects/:id/settings/rebuild_positions' => 'projects/settings/backlogs#rebuild_positions'
scope 'admin' do
resource :backlogs,

@ -51,12 +51,6 @@ module OpenProject::Backlogs
author_url: 'https://www.openproject.org',
bundled: true,
settings: settings do
OpenProject::AccessControl.permission(:edit_project).tap do |add|
add.controller_actions << 'projects/project_done_statuses'
add.controller_actions << 'projects/rebuild_positions'
add.controller_actions << 'backlogs_project_settings/show'
end
OpenProject::AccessControl.permission(:add_work_packages).tap do |add|
add.controller_actions << 'rb_stories/create'
add.controller_actions << 'rb_tasks/create'
@ -73,7 +67,8 @@ module OpenProject::Backlogs
# SYNTAX: permission :name_of_permission, { :controller_name => [:action1, :action2] }
# Master backlog permissions
permission :view_master_backlog, rb_master_backlogs: :index,
permission :view_master_backlog,
rb_master_backlogs: :index,
rb_sprints: %i[index show],
rb_wikis: :show,
rb_stories: %i[index show],
@ -81,7 +76,8 @@ module OpenProject::Backlogs
rb_burndown_charts: :show,
rb_export_card_configurations: %i[index show]
permission :view_taskboards, rb_taskboards: :show,
permission :view_taskboards,
rb_taskboards: :show,
rb_sprints: :show,
rb_stories: :show,
rb_tasks: %i[index show],
@ -90,10 +86,20 @@ module OpenProject::Backlogs
rb_burndown_charts: :show,
rb_export_card_configurations: %i[index show]
permission :select_done_statuses,
{
'projects/settings/backlogs': %i[show update rebuild_positions]
},
require: :member
# Sprint permissions
# :show_sprints and :list_sprints are implicit in :view_master_backlog permission
permission :update_sprints, rb_sprints: %i[edit update],
rb_wikis: %i[edit update]
permission :update_sprints,
{
rb_sprints: %i[edit update],
rb_wikis: %i[edit update],
},
require: :member
end
menu :project_menu,
@ -113,7 +119,6 @@ module OpenProject::Backlogs
Status
Type
Project
ProjectsController
User
VersionsController
Version]

@ -1,73 +0,0 @@
#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) 2012-2021 the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See COPYRIGHT and LICENSE files for more details.
#++
require_dependency 'projects_controller'
module OpenProject::Backlogs::Patches::ProjectsControllerPatch
def self.included(base)
base.class_eval do
prepend InstanceMethods
end
end
module InstanceMethods
def project_done_statuses
selected_statuses = (params[:statuses] || []).map do |work_package_status|
Status.find(work_package_status[:status_id].to_i)
end.compact
@project.done_statuses = selected_statuses
@project.save!
flash[:notice] = I18n.t(:notice_successful_update)
redirect_to_backlogs_settings
end
def rebuild_positions
@project.rebuild_positions
flash[:notice] = I18n.t('backlogs.positions_rebuilt_successfully')
redirect_to_backlogs_settings
rescue ActiveRecord::ActiveRecordError
flash[:error] = I18n.t('backlogs.positions_could_not_be_rebuilt')
logger.error("Tried to rebuild positions for project #{@project.identifier.inspect} but could not...")
logger.error($!)
logger.error($@)
redirect_to_backlogs_settings
end
def redirect_to_backlogs_settings
redirect_to controller: 'backlogs_project_settings', action: 'show', id: @project
end
end
end
ProjectsController.include OpenProject::Backlogs::Patches::ProjectsControllerPatch

@ -37,7 +37,7 @@ describe 'Resolved status',
let!(:status) { FactoryBot.create(:status, is_default: true) }
let(:role) do
FactoryBot.create(:role,
permissions: %i(edit_project))
permissions: %i[select_done_statuses])
end
let!(:current_user) do
FactoryBot.create(:user,

Loading…
Cancel
Save