jro_apps/redmine Commit - r10316:1f80a4b0d9ea

Merged r10433, r10437 from trunk....

Jean-Philippe Lang -

r10316:1f80a4b0d9ea

parent child

Context file:

r10316:1f80a4b0d9ea

Collapse all files

app/models/issue.rb +26 -18

                # Returns a SQL conditions string used to find all issues visible by the specified user
                def self.visible_condition(user, options={})
                  Project.allowed_to_condition(user, :view_issues, options) do |role, user|
-                   case role.issues_visibility
-                   when 'all'
-                     nil
-                   when 'default'
-                     user_ids = [user.id] + user.groups.map(&:id)
-                     "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
-                   when 'own'
-                     user_ids = [user.id] + user.groups.map(&:id)
-                     "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
+                   if user.logged?
+                     case role.issues_visibility
+                     when 'all'
+                       nil
+                     when 'default'
+                       user_ids = [user.id] + user.groups.map(&:id)
+                       "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
+                     when 'own'
+                       user_ids = [user.id] + user.groups.map(&:id)
+                       "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
+                     else
+                       '1=0'
+                     end
                    else
-                     '1=0'
+                     "(#{table_name}.is_private = #{connection.quoted_false})"
                    end
                  end
                end
                # Returns true if usr or current user is allowed to view the issue
                def visible?(usr=nil)
                  (usr || User.current).allowed_to?(:view_issues, self.project) do |role, user|
-                   case role.issues_visibility
-                   when 'all'
-                     true
-                   when 'default'
-                     !self.is_private? || self.author == user || user.is_or_belongs_to?(assigned_to)
-                   when 'own'
-                     self.author == user || user.is_or_belongs_to?(assigned_to)
+                   if user.logged?
+                     case role.issues_visibility
+                     when 'all'
+                       true
+                     when 'default'
+                       !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
+                     when 'own'
+                       self.author == user || user.is_or_belongs_to?(assigned_to)
+                     else
+                       false
+                     end
                    else
-                     false
+                     !self.is_private?
                    end
                  end
                end

app/models/role.rb +5 0

                  self.builtin != 0
                end
+               # Return true if the role is the anonymous role
+               def anonymous?
+                 builtin == 2
+               end
                # Return true if the role is a project member role
                def member?
                  !self.builtin?

app/views/roles/_form.html.erb +2 0

              <%= error_messages_for 'role' %>
+             <% unless @role.anonymous? %>
              <div class="box tabular">
              <% unless @role.builtin? %>
              <p><%= f.text_field :name, :required => true %></p>
              <%= select_tag(:copy_workflow_from, content_tag("option") + options_from_collection_for_select(@roles, :id, :name, params[:copy_workflow_from] || @copy_from.try(:id))) %></p>
              <% end %>
              </div>
+             <% end %>
              <h3><%= l(:label_permissions) %></h3>
              <div class="box tabular" id="permissions">

test/functional/roles_controller_test.rb +8 0

                  assert_response :success
                  assert_template 'edit'
                  assert_equal Role.find(1), assigns(:role)
+                 assert_select 'select[name=?]', 'role[issues_visibility]'
+               end
+               def test_edit_anonymous
+                 get :edit, :id => Role.anonymous.id
+                 assert_response :success
+                 assert_template 'edit'
+                 assert_select 'select[name=?]', 'role[issues_visibility]', 0
                end
                def test_edit_invalid_should_respond_with_404

test/unit/issue_test.rb +15 -13

                         :versions,
                         :issue_statuses, :issue_categories, :issue_relations, :workflows,
                         :enumerations,
-                        :issues,
+                        :issues, :journals, :journal_details,
                         :custom_fields, :custom_fields_projects, :custom_fields_trackers, :custom_values,
                         :time_entries
                  assert_visibility_match User.anonymous, issues
                end
-               def test_visible_scope_for_anonymous_with_own_issues_visibility
-                 Role.anonymous.update_attribute :issues_visibility, 'own'
-                 Issue.create!(:project_id => 1, :tracker_id => 1,
-                               :author_id => User.anonymous.id,
-                               :subject => 'Issue by anonymous')
-                 issues = Issue.visible(User.anonymous).all
-                 assert issues.any?
-                 assert_nil issues.detect {|issue| issue.author != User.anonymous}
-                 assert_visibility_match User.anonymous, issues
-               end
                def test_visible_scope_for_anonymous_without_view_issues_permissions
                  # Anonymous user should not see issues without permission
                  Role.anonymous.remove_permission!(:view_issues)
                  assert_visibility_match User.anonymous, issues
                end
+               def test_anonymous_should_not_see_private_issues_with_issues_visibility_set_to_default
+                 assert Role.anonymous.update_attribute(:issues_visibility, 'default')
+                 issue = Issue.generate_for_project!(Project.find(1), :author => User.anonymous, :assigned_to => User.anonymous, :is_private => true)
+                 assert_nil Issue.where(:id => issue.id).visible(User.anonymous).first
+                 assert !issue.visible?(User.anonymous)
+               end
+               def test_anonymous_should_not_see_private_issues_with_issues_visibility_set_to_own
+                 assert Role.anonymous.update_attribute(:issues_visibility, 'own')
+                 issue = Issue.generate_for_project!(Project.find(1), :author => User.anonymous, :assigned_to => User.anonymous, :is_private => true)
+                 assert_nil Issue.where(:id => issue.id).visible(User.anonymous).first
+                 assert !issue.visible?(User.anonymous)
+               end
                def test_visible_scope_for_non_member
                  user = User.find(9)
                  assert user.projects.empty?

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages