diff --git a/app/models/work_package.rb b/app/models/work_package.rb
index e82385cdac..3ad3e902fa 100644
--- a/app/models/work_package.rb
+++ b/app/models/work_package.rb
@@ -706,6 +706,15 @@ class WorkPackage < ActiveRecord::Base
 users.select {|user| possible_watcher?(user)}
 end
+ # check if user is allowed to edit WorkPackage Journals.
+ # see Redmine::Acts::Journalized::Permissions#journal_editable_by
+ def editable_by?(user)
+ project = self.project
+ allowed = user.allowed_to? :edit_work_package_notes, project, { :global => project.present? }
+ allowed = user.allowed_to? :edit_own_work_package_notes, project, { :global => project.present? } unless allowed
+ return allowed
+ end
+
 protected
 def recalculate_attributes_for(work_package_id)
diff --git a/app/views/journals/update.rjs b/app/views/journals/update.rjs
index e191d0f0f7..749399066f 100644
--- a/app/views/journals/update.rjs
+++ b/app/views/journals/update.rjs
@@ -30,8 +30,12 @@ if @journal.frozen?
 # journal was destroyed
 page.remove "change-#{@journal.id}"
 else
- page.replace "journal-#{@journal.id}-notes", render_notes(@journal.journable, @journal,
- :edit_permission => :edit_work_package_notes, :edit_own_permission => :edit_own_work_package_notes)
+ page.replace "journal-#{@journal.id}-notes", render_notes(
+ @journal.journable,
+ @journal,
+ edit_permission: :edit_work_package_notes,
+ edit_own_permission: :edit_own_work_package_notes,
+ quote_permission: :edit_work_packages)
 page.show "journal-#{@journal.id}-notes"
 page.remove "journal-#{@journal.id}-form"
 end
diff --git a/app/views/work_packages/_history.html.erb b/app/views/work_packages/_history.html.erb
index 22dbcaeee4..c304e9d3d0 100644
--- a/app/views/work_packages/_history.html.erb
+++ b/app/views/work_packages/_history.html.erb
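Review bot: `editable_by?(user)` in app/models/work_package.rb returns true for any user holding `:edit_own_work_package_notes`, but it receives no journal, so at this level it cannot tell the user's own note from someone else's. The check in permissions.rb (presumably `journal_editable_by?`) delegates straight to `editable_by?` when it is defined, so the ownership test has to live in a caller that knows the journal's author, and nothing in this diff shows it. The changed expectation in spec/controllers/journals_controller_spec.rb (`:forbidden` to `:success`) covers only the positive case; I would add a spec where a user with only `:edit_own_work_package_notes` edits another user's journal and expect `:forbidden`. I would also state the limit above the method: `# Object-level gate only: :edit_own_work_package_notes still needs a per-journal author check by the caller.` As a style point, the two lookups read more directly as one `||` expression without the explicit `return`.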
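Review bot: The permission symbols passed to `render_notes` in app/views/journals/update.rjs are spelled out a second time in app/views/work_packages/_history.html.erb, and this same commit has to correct `:edit_work_packages_notes` there, so the duplication has already produced one wrong permission name. A misspelt symbol is not caught when the view loads; presumably it only shows up as a missing or unexpected edit link. Consider building the options hash in one helper or frozen constant shared by both views so the names can drift in only one place. The hunk also moves to `key: value` syntax while _history.html.erb keeps hashrockets for the same call; one style for both would make the two call sites easier to compare.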
@@ -36,7 +36,7 @@ a journal as the cache could then not be used between all of an issue's journals
 <% for journal in journals %>
 <%= render_journal work_package,
 journal,
- :edit_permission => :edit_work_packages_notes,
+ :edit_permission => :edit_work_package_notes,
 :quote_permission => :edit_work_packages,
 :edit_own_permission => :edit_own_work_package_notes,
 :cache => @journal_cache %>
diff --git a/lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/permissions.rb b/lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/permissions.rb
index 20cf076cb4..e5be4dc268 100644
--- a/lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/permissions.rb
+++ b/lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/permissions.rb
@@ -55,7 +55,11 @@ module Redmine::Acts::Journalized
 if respond_to? :editable_by?
 editable_by? user
 else
- permission = :"edit_#{self.class.to_s.pluralize.underscore}"
+ permission = if respond_to? :journal_permission
+ journal_permission
+ else
+ :"edit_#{self.class.to_s.pluralize.underscore}"
+ end
 p = @project || (project if respond_to? :project)
 options = { :global => p.present? }
 user.allowed_to? permission, p, options
diff --git a/spec/controllers/journals_controller_spec.rb b/spec/controllers/journals_controller_spec.rb
index f1e67f69ac..971b6202f1 100644
--- a/spec/controllers/journals_controller_spec.rb
+++ b/spec/controllers/journals_controller_spec.rb
@@ -74,7 +74,7 @@ describe JournalsController do
 context 'without permission to edit work packages' do
 let(:permissions) { [:edit_own_work_package_notes] }
- example { assert_response :forbidden }
+ example { assert_response :success }
 end
 context 'without permission to edit journals' do
diff --git a/spec/lib/acts_as_journalized/journaled_spec.rb b/spec/lib/acts_as_journalized/journaled_spec.rb
index 3364546dd0..2d27461f31 100644
--- a/spec/lib/acts_as_journalized/journaled_spec.rb
+++ b/spec/lib/acts_as_journalized/journaled_spec.rb
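Review bot: The new `journal_permission` hook in permissions.rb has no documented contract, and this diff shows neither an implementer nor a spec for it. On Ruby 2.0 and later `respond_to? :journal_permission` is false for a private or protected method, so a model that declares the hook below `protected` silently falls back to the derived `:"edit_…"` name, and a hook that returns nil would hand nil to `user.allowed_to?`. I would add a comment above the branch such as `# journal_permission: optional public method returning the Symbol of the permission that guards journal edits`, plus a spec that exercises the override branch. The enclosing method starts and ends outside this hunk.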
@@ -123,10 +123,6 @@ describe "Journalized Objects" do
 subject { work_package.journal_editable_by?(user) }
- context 'and the user has permissions to "edit_work_packages"' do
- it { should be_true }
- end
-
 context 'and the user has no permission to "edit_work_packages"' do
 before do
 role.remove_permission! :edit_work_packages