From fd2c001c237cbf98cbae72f027e36ce51fdd2011 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20G=C3=BCnther?= <mail@oliverguenther.de>
Date: Wed, 23 Nov 2016 10:51:46 +0100
Subject: [PATCH] Fix edit permissions on overview edit page

https://community.openproject.com/work_packages/24356
---
 .travis.yml                                                | 1 -
 app/views/my_projects_overviews/_block.html.erb            | 2 +-
 .../my_projects_overviews/_block_textilizable.html.erb     | 2 +-
 .../blocks/_project_description.html.erb                   | 2 +-
 spec/features/block_editing_spec.rb                        | 7 ++++++-
 5 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 91890d7123..44842a1a27 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -60,7 +60,6 @@ env:
 
   matrix:
     - "TEST_SUITE=plugins:spec      DB=mysql    GROUP_SIZE=1 GROUP=1"
-    - "TEST_SUITE=plugins:cucumber  DB=mysql    GROUP_SIZE=1 GROUP=1"
 
     - "TEST_SUITE=npm"
 
diff --git a/app/views/my_projects_overviews/_block.html.erb b/app/views/my_projects_overviews/_block.html.erb
index 4b5a1631e5..f9f49925df 100644
--- a/app/views/my_projects_overviews/_block.html.erb
+++ b/app/views/my_projects_overviews/_block.html.erb
@@ -23,7 +23,7 @@ See doc/COPYRIGHT.md for more details.
   <% block_name_id = "my_page_#{block_name}_box_actions" %>
   <% content_for block_name_id do %>
     <div class="box-actions">
-      <% if User.current.allowed_to?(:remove_block, nil, global: true) %>
+      <% if User.current.allowed_to?(:edit_project, project) %>
       <a href="javascript:"
          ng-click="$ctrl.remove()"
          ng-show="$ctrl.editing"
diff --git a/app/views/my_projects_overviews/_block_textilizable.html.erb b/app/views/my_projects_overviews/_block_textilizable.html.erb
index adb65a6e90..777f767a05 100644
--- a/app/views/my_projects_overviews/_block_textilizable.html.erb
+++ b/app/views/my_projects_overviews/_block_textilizable.html.erb
@@ -71,7 +71,7 @@ See doc/COPYRIGHT.md for more details.
                ng-click="$ctrl.toggleEditForm(true)"
                title="<%= l(:button_edit) %>"></a>
           <% end %>
-          <% if User.current.allowed_to?(:remove_block, nil, global: true) %>
+          <% if User.current.allowed_to?(:edit_project, project) %>
             <a href="javascript:"
                ng-click="$ctrl.remove()"
                class="icon icon-close remove-block"
diff --git a/app/views/my_projects_overviews/blocks/_project_description.html.erb b/app/views/my_projects_overviews/blocks/_project_description.html.erb
index 368002f8c4..bcd7c7d8a0 100644
--- a/app/views/my_projects_overviews/blocks/_project_description.html.erb
+++ b/app/views/my_projects_overviews/blocks/_project_description.html.erb
@@ -31,7 +31,7 @@ See doc/COPYRIGHT.md for more details.
   <%= format_text @project.description %>
 </div>
 
-<% if current_user.admin? %>
+<% if current_user.allowed_to?(:edit_project, project) %>
   <%= link_to settings_project_path(project), class: 'button -highlight' do %>
     <i class="button--icon icon-edit"></i>
     <span class="button--text"><%= l(:button_edit) %></span>
diff --git a/spec/features/block_editing_spec.rb b/spec/features/block_editing_spec.rb
index 12c00425d8..d285be9d5b 100644
--- a/spec/features/block_editing_spec.rb
+++ b/spec/features/block_editing_spec.rb
@@ -34,7 +34,12 @@ describe 'My project page editing', type: :feature, js: true do
   let(:mypage) { ::Pages::Page.new }
 
   let(:button_selector) { '.toolbar a.button' }
-  let(:user) { FactoryGirl.create :admin }
+
+  let(:user) { FactoryGirl.create :user,
+                                  member_in_project: project,
+                                  member_through_role: role }
+  let(:role) { FactoryGirl.create :role, permissions: [:view_project,
+                                                       :edit_project] }
 
   # Add block select
   let(:select) { find('#block-select') }