Redmine 4.1.7

2023-07-07 08:08:27 +02:00 · 2023-07-07 08:08:27 +02:00 · 3ca3c37487
commit 3ca3c37487
parent 55458d3479
103 changed files with 2426 additions and 431 deletions
--- a/test/functional/activities_controller_test.rb
+++ b/test/functional/activities_controller_test.rb
@ -28,7 +28,8 @@ class ActivitiesControllerTest < Redmine::ControllerTest
           :members,
           :groups_users,
           :enabled_modules,
-           :journals, :journal_details
+           :journals, :journal_details,
+           :attachments, :changesets, :documents, :messages, :news, :time_entries, :wiki_content_versions

  def test_project_index
    get :index, :params => {
@ -95,6 +96,18 @@ class ActivitiesControllerTest < Redmine::ControllerTest
    assert_response 404
  end

+  def test_user_index_with_non_visible_user_id_should_respond_404
+    Role.anonymous.update! :users_visibility => 'members_of_visible_projects'
+    user = User.generate!
+
+    @request.session[:user_id] = nil
+    get :index, :params => {
+      :user_id => user.id
+    }
+
+    assert_response 404
+  end
+
  def test_index_atom_feed
    get :index, :params => {
        :format => 'atom',
@ -111,6 +124,22 @@ class ActivitiesControllerTest < Redmine::ControllerTest
    end
  end

+  def test_index_atom_feed_should_respect_feeds_limit_setting
+    with_settings :feeds_limit => '20' do
+      get(
+        :index,
+        :params => {
+          :format => 'atom'
+        }
+      )
+    end
+    assert_response :success
+
+    assert_select 'feed' do
+      assert_select 'entry', :count => 20
+    end
+  end
+
  def test_index_atom_feed_with_explicit_selection
    get :index, :params => {
        :format => 'atom',
--- a/test/functional/attachments_controller_test.rb
+++ b/test/functional/attachments_controller_test.rb
@ -531,6 +531,23 @@ class AttachmentsControllerTest < Redmine::ControllerTest
    assert_response 403
  end

+  def test_edit_all_issue_attachment_by_user_without_edit_issue_permission_on_tracker_should_return_404
+    role = Role.find(2)
+    role.set_permission_trackers 'edit_issues', [2, 3]
+    role.save!
+
+    @request.session[:user_id] = 2
+
+    get(
+      :edit_all,
+      :params => {
+        :object_type => 'issues',
+        :object_id => '4'
+      }
+    )
+    assert_response 404
+  end
+
  def test_update_all
    @request.session[:user_id] = 2
    patch :update_all, :params => {
@ -659,4 +676,25 @@ class AttachmentsControllerTest < Redmine::ControllerTest
    assert_response 302
    assert Attachment.find_by_id(3)
  end
+
+  def test_destroy_issue_attachment_by_user_without_edit_issue_permission_on_tracker
+    role = Role.find(2)
+    role.set_permission_trackers 'edit_issues', [2, 3]
+    role.save!
+
+    @request.session[:user_id] = 2
+
+    set_tmp_attachments_directory
+    assert_no_difference 'Attachment.count' do
+      delete(
+        :destroy,
+        :params => {
+          :id => 7
+        }
+      )
+    end
+
+    assert_response 403
+    assert Attachment.find_by_id(7)
+  end
 end
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@ -124,6 +124,49 @@ class IssuesControllerTest < Redmine::ControllerTest
    assert_select 'a[href="/issues/6"]', 0
  end

+  def test_index_should_list_issues_of_closed_subprojects
+    @request.session[:user_id] = 1
+    project = Project.find(1)
+
+    with_settings :display_subprojects_issues => '1' do
+      # One of subprojects is closed
+      Project.find_by(:identifier => 'subproject1').close
+      get(:index, :params => {:project_id => project.id})
+      assert_response :success
+      assert_equal 10, issues_in_list.count
+
+      # All subprojects are closed
+      project.descendants.each(&:close)
+      get(:index, :params => {:project_id => project.id})
+      assert_response :success
+      assert_equal 10, issues_in_list.count
+    end
+  end
+
+  def test_index_with_subproject_filter_should_not_exclude_closed_subprojects_issues
+    subproject1 = Project.find(3)
+    subproject2 = Project.find(4)
+    subproject1.close
+
+    with_settings :display_subprojects_issues => '1' do
+      get(
+        :index,
+        :params => {
+          :project_id => 1,
+          :set_filter => 1,
+          :f => ['subproject_id'],
+          :op => {'subproject_id' => '!'},
+          :v => {'subproject_id' => [subproject2.id.to_s]},
+          :c => ['project']
+        }
+      )
+    end
+    assert_response :success
+    column_values = columns_values_in_list('project')
+    assert_includes column_values, subproject1.name
+    assert_equal 9, column_values.size
+  end
+
  def test_index_with_project_and_subprojects_should_show_private_subprojects_with_permission
    @request.session[:user_id] = 2
    Setting.display_subprojects_issues = 1
@ -1664,6 +1707,22 @@ class IssuesControllerTest < Redmine::ControllerTest
    assert_select '#content a.new-issue[href="/issues/new"]', :text => 'New issue'
  end

+  def test_index_should_show_setting_link_with_edit_project_permission
+    role = Role.find(1)
+    role.add_permission! :edit_project
+    @request.session[:user_id] = 2
+    get(:index, :params => {:project_id => 1})
+    assert_select '#content a.icon-settings[href="/projects/ecookbook/settings/issues"]', 1
+  end
+
+  def test_index_should_not_show_setting_link_without_edit_project_permission
+    role = Role.find(1)
+    role.remove_permission! :edit_project
+    @request.session[:user_id] = 2
+    get(:index, :params => {:project_id => 1})
+    assert_select '#content a.icon-settings[href="/projects/ecookbook/settings/issues"]', 0
+  end
+
  def test_index_should_not_include_new_issue_tab_when_disabled
    with_settings :new_item_menu_tab => '0' do
      @request.session[:user_id] = 2
@ -1720,6 +1779,22 @@ class IssuesControllerTest < Redmine::ControllerTest
    end
  end

+  def test_index_should_respect_timespan_format
+    with_settings :timespan_format => 'minutes' do
+      get(
+        :index,
+        :params => {
+          :set_filter => 1,
+          :c => %w(estimated_hours total_estimated_hours spent_hours total_spent_hours)
+        }
+      )
+      assert_select 'table.issues tr#issue-1 td.estimated_hours', :text => '200:00'
+      assert_select 'table.issues tr#issue-1 td.total_estimated_hours', :text => '200:00'
+      assert_select 'table.issues tr#issue-1 td.spent_hours', :text => '154:15'
+      assert_select 'table.issues tr#issue-1 td.total_spent_hours', :text => '154:15'
+    end
+  end
+
  def test_show_by_anonymous
    get :show, :params => {
        :id => 1
@ -2615,6 +2690,32 @@ class IssuesControllerTest < Redmine::ControllerTest
    end
  end

+  def test_show_should_not_display_edit_attachment_icon_for_user_without_edit_issue_permission_on_tracker
+    role = Role.find(2)
+    role.set_permission_trackers 'edit_issues', [2, 3]
+    role.save!
+
+    @request.session[:user_id] = 2
+
+    get :show, params: {id: 4}
+
+    assert_response :success
+    assert_select 'div.attachments .icon-edit',  0
+  end
+
+  def test_show_should_not_display_delete_attachment_icon_for_user_without_edit_issue_permission_on_tracker
+    role = Role.find(2)
+    role.set_permission_trackers 'edit_issues', [2, 3]
+    role.save!
+
+    @request.session[:user_id] = 2
+
+    get :show, params: {id: 4}
+
+    assert_response :success
+    assert_select 'div.attachments .icon-del', 0
+  end
+
  def test_get_new
    @request.session[:user_id] = 2
    get :new, :params => {
@ -4816,6 +4917,41 @@ class IssuesControllerTest < Redmine::ControllerTest
    end
  end

+  def test_get_edit_should_display_visible_spent_time_custom_field
+    @request.session[:user_id] = 2
+
+    get(
+      :edit,
+      :params => {
+        :id => 13,
+      }
+    )
+
+    assert_response :success
+
+    assert_select '#issue-form select#time_entry_custom_field_values_10', 1
+  end
+
+  def test_get_edit_should_not_display_spent_time_custom_field_not_visible
+    cf = TimeEntryCustomField.find(10)
+    cf.visible = false
+    cf.role_ids = [1]
+    cf.save!
+
+    @request.session[:user_id] = 2
+
+    get(
+      :edit,
+      :params => {
+        :id => 13,
+      }
+    )
+
+    assert_response :success
+
+    assert_select '#issue-form select#time_entry_custom_field_values_10', 0
+  end
+
  def test_update_form_for_existing_issue
    @request.session[:user_id] = 2
    patch :edit, :params => {
@ -5222,6 +5358,24 @@ class IssuesControllerTest < Redmine::ControllerTest
    assert_equal spent_hours_before + 2.5, issue.spent_hours
  end

+  def test_put_update_should_check_add_issue_notes_permission
+    role = Role.find(1)
+    role.remove_permission! :add_issue_notes
+    @request.session[:user_id] = 2
+
+    assert_no_difference 'Journal.count' do
+      put(
+        :update,
+        :params => {
+          :id => 1,
+          :issue => {
+            :notes => 'New note'
+          }
+        }
+      )
+    end
+  end
+
  def test_put_update_should_preserve_parent_issue_even_if_not_visible
    parent = Issue.generate!(:project_id => 1, :is_private => true)
    issue = Issue.generate!(:parent_issue_id => parent.id)
@ -5528,6 +5682,29 @@ class IssuesControllerTest < Redmine::ControllerTest
    assert_select 'input[name=?][value=?]', 'time_entry[comments]', 'this is my comment'
  end

+  def test_put_with_spent_time_when_assigned_to_of_private_issue_is_update_at_the_same_time
+    @request.session[:user_id] = 3
+    Role.find(2).update! :issues_visibility => 'own'
+    private_issue = Issue.find(3)
+
+    assert_difference('TimeEntry.count', 1) do
+      put(
+        :update,
+        params: {
+          id: private_issue.id,
+          issue: { assigned_to_id: nil },
+          time_entry: {
+            comments: "add spent time", activity_id: TimeEntryActivity.first.id, hours: 1
+          }
+        }
+      )
+    end
+    assert_select '#errorExplanation', {text: /Log time is invalid/, count: 0}
+    assert_select '#errorExplanation', {text: /Issue is invalid/, count: 0}
+    assert_redirected_to action: 'show', id: private_issue.id
+    assert_not private_issue.reload.visible?
+  end
+
  def test_put_update_should_allow_fixed_version_to_be_set_to_a_subproject
    issue = Issue.find(2)
    @request.session[:user_id] = 2
--- a/test/functional/queries_controller_test.rb
+++ b/test/functional/queries_controller_test.rb
@ -818,4 +818,28 @@ class QueriesControllerTest < Redmine::ControllerTest
    assert_include ["Dave Lopper", "3", "active"], json
    assert_include ["Dave2 Lopper2", "5", "locked"], json
  end
+
+  def test_activity_filter_should_return_active_and_system_activity_ids
+    TimeEntryActivity.create!(:name => 'Design', :parent_id => 9, :project_id => 1)
+    TimeEntryActivity.create!(:name => 'QA', :active => false, :parent_id => 11, :project_id => 1)
+    TimeEntryActivity.create!(:name => 'Inactive Activity', :active => true, :parent_id => 14, :project_id => 1)
+
+    @request.session[:user_id] = 2
+    get(
+      :filter,
+      :params => {
+        :project_id => 1,
+        :type => 'TimeEntryQuery',
+        :name => 'activity_id'
+      }
+    )
+    assert_response :success
+    assert_equal 'application/json', response.media_type
+    json = ActiveSupport::JSON.decode(response.body)
+
+    assert_equal 3, json.count
+    assert_include ["Design", "9"], json
+    assert_include ["Development", "10"], json
+    assert_include ["Inactive Activity", "14"], json
+  end
 end
--- a/test/functional/search_controller_test.rb
+++ b/test/functional/search_controller_test.rb
@ -428,4 +428,19 @@ class SearchControllerTest < Redmine::ControllerTest
      assert_select 'dd span.highlight', :text => 'highlighted'
    end
  end
+
+  def test_search_should_exclude_empty_modules_params
+    @request.session[:user_id] = 1
+
+    get :index, params: {
+      q: "private",
+      scope: "all",
+      issues: "1",
+      projects: nil
+    }
+
+    assert_response :success
+
+    assert_select '#search-results dt.project', 0
+  end
 end
--- a/test/functional/timelog_controller_test.rb
+++ b/test/functional/timelog_controller_test.rb
@ -226,7 +226,7 @@ class TimelogControllerTest < Redmine::ControllerTest
    assert_response :success

    assert_select 'select[name=?]', 'time_entry[user_id]' do
-      assert_select 'option[value="2"][selected=selected]'
+      assert_select 'option[value="2"][selected=selected]', 1
    end
  end

--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@ -237,6 +237,7 @@ class UsersControllerTest < Redmine::ControllerTest
    get :new
    assert_response :success
    assert_select 'input[name=?]', 'user[login]'
+    assert_select 'label[for=?]>span.required', 'user_password', 1
  end

  def test_create
@ -427,6 +428,7 @@ class UsersControllerTest < Redmine::ControllerTest
    assert_response :success
    assert_select 'h2>a+img.gravatar'
    assert_select 'input[name=?][value=?]', 'user[login]', 'jsmith'
+    assert_select 'label[for=?]>span.required', 'user_password', 0
  end

  def test_edit_registered_user
@ -708,6 +710,19 @@ class UsersControllerTest < Redmine::ControllerTest
    assert_response 404
  end

+  def test_update_with_blank_email_should_not_raise_exception
+    assert_no_difference 'User.count' do
+      with_settings :gravatar_enabled => '1' do
+        put :update, :params => {
+          :id => 2,
+          :user => {:mail => ''}
+        }
+      end
+    end
+    assert_response :success
+    assert_select_error /Email cannot be blank/
+  end
+
  def test_destroy
    assert_difference 'User.count', -1 do
      delete :destroy, :params => {:id => 2}
--- a/test/functional/wiki_controller_test.rb
+++ b/test/functional/wiki_controller_test.rb
@ -160,6 +160,12 @@ class WikiControllerTest < Redmine::ControllerTest
    assert_select 'select[name=?] option[value="2"][selected=selected]', 'wiki_page[parent_id]'
  end

+  def test_show_unexistent_version_page
+    @request.session[:user_id] = 2
+    get :show, :params => {:project_id => 1, :id => 'CookBook_documentation', :version => 100}
+    assert_response 404
+  end
+
  def test_show_should_not_show_history_without_permission
    Role.anonymous.remove_permission! :view_wiki_edits
    get :show, :params => {:project_id => 1, :id => 'Page with sections', :version => 2}
--- a/test/functional/workflows_controller_test.rb
+++ b/test/functional/workflows_controller_test.rb
@ -125,7 +125,7 @@ class WorkflowsControllerTest < Redmine::ControllerTest
    assert_select 'table.workflows.transitions-always tbody tr:nth-child(2)' do
      assert_select 'td.name', :text => 'New'
      # assert that the td is enabled
-      assert_select "td[title='New » New'][class=?]", 'enabled'
+      assert_select "td.enabled[title='New » New']"
      # assert that the checkbox is disabled and checked
      assert_select "input[name='transitions[1][1][always]'][checked=?][disabled=?]", 'checked', 'disabled', 1
    end