Fix edit permissions on overview edit page

https://community.openproject.com/work_packages/24356
8 years ago · fd2c001c23
parent b48475c8d0
commit fd2c001c23
5 changed files with 9 additions and 5 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -60,7 +60,6 @@ env:
  matrix:
    - "TEST_SUITE=plugins:spec      DB=mysql    GROUP_SIZE=1 GROUP=1"
    - "TEST_SUITE=plugins:cucumber  DB=mysql    GROUP_SIZE=1 GROUP=1"
    - "TEST_SUITE=npm"
--- a/app/views/my_projects_overviews/_block.html.erb
+++ b/app/views/my_projects_overviews/_block.html.erb
@ -23,7 +23,7 @@ See doc/COPYRIGHT.md for more details.
  <% block_name_id = "my_page_#{block_name}_box_actions" %>
  <% content_for block_name_id do %>
    <div class="box-actions">
-      <% if User.current.allowed_to?(:remove_block, nil, global: true) %>
+      <% if User.current.allowed_to?(:edit_project, project) %>
      <a href="javascript:"
         ng-click="$ctrl.remove()"
         ng-show="$ctrl.editing"
--- a/app/views/my_projects_overviews/_block_textilizable.html.erb
+++ b/app/views/my_projects_overviews/_block_textilizable.html.erb
@ -71,7 +71,7 @@ See doc/COPYRIGHT.md for more details.
               ng-click="$ctrl.toggleEditForm(true)"
               title="<%= l(:button_edit) %>"></a>
          <% end %>
-          <% if User.current.allowed_to?(:remove_block, nil, global: true) %>
+          <% if User.current.allowed_to?(:edit_project, project) %>
            <a href="javascript:"
               ng-click="$ctrl.remove()"
               class="icon icon-close remove-block"
--- a/app/views/my_projects_overviews/blocks/_project_description.html.erb
+++ b/app/views/my_projects_overviews/blocks/_project_description.html.erb
@ -31,7 +31,7 @@ See doc/COPYRIGHT.md for more details.
  <%= format_text @project.description %>
 </div>
-<% if current_user.admin? %>
+<% if current_user.allowed_to?(:edit_project, project) %>
  <%= link_to settings_project_path(project), class: 'button -highlight' do %>
    <i class="button--icon icon-edit"></i>
    <span class="button--text"><%= l(:button_edit) %></span>
--- a/spec/features/block_editing_spec.rb
+++ b/spec/features/block_editing_spec.rb
@ -34,7 +34,12 @@ describe 'My project page editing', type: :feature, js: true do
  let(:mypage) { ::Pages::Page.new }
  let(:button_selector) { '.toolbar a.button' }
-  let(:user) { FactoryGirl.create :admin }
+
  let(:user) { FactoryGirl.create :user,
                                  member_in_project: project,
                                  member_through_role: role }
  let(:role) { FactoryGirl.create :role, permissions: [:view_project,
                                                       :edit_project] }
  # Add block select
  let(:select) { find('#block-select') }