Anonymous users should always see public issues only (#11872)....
Jean-Philippe Lang -
r10254:5328c4adcb6c
@@ -84,25 +84,21 class Issue < ActiveRecord::Base
84 # Returns a SQL conditions string used to find all issues visible by the specified user
84 # Returns a SQL conditions string used to find all issues visible by the specified user
85 def self.visible_condition(user, options={})
85 def self.visible_condition(user, options={})
86 Project.allowed_to_condition(user, :view_issues, options) do |role, user|
86 Project.allowed_to_condition(user, :view_issues, options) do |role, user|
87 case role.issues_visibility
87 if user.logged?
88 when 'all'
88 case role.issues_visibility
89 nil
89 when 'all'
90 when 'default'
90 nil
91 if user.logged?
91 when 'default'
92 user_ids = [user.id] + user.groups.map(&:id)
92 user_ids = [user.id] + user.groups.map(&:id)
93 "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
93 "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
94 else
94 when 'own'
95 "(#{table_name}.is_private = #{connection.quoted_false})"
96 end
97 when 'own'
98 if user.logged?
99 user_ids = [user.id] + user.groups.map(&:id)
95 user_ids = [user.id] + user.groups.map(&:id)
100 "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
96 "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
101 else
97 else
102 '1=0'
98 '1=0'
103 end
99 end
104 else
100 else
105 '1=0'
101 "(#{table_name}.is_private = #{connection.quoted_false})"
106 end
102 end
107 end
103 end
108 end
104 end
@@ -110,15 +106,19 class Issue < ActiveRecord::Base
110 # Returns true if usr or current user is allowed to view the issue
106 # Returns true if usr or current user is allowed to view the issue
111 def visible?(usr=nil)
107 def visible?(usr=nil)
112 (usr || User.current).allowed_to?(:view_issues, self.project) do |role, user|
108 (usr || User.current).allowed_to?(:view_issues, self.project) do |role, user|
113 case role.issues_visibility
109 if user.logged?
114 when 'all'
110 case role.issues_visibility
115 true
111 when 'all'
116 when 'default'
112 true
117 !self.is_private? || (user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to)))
113 when 'default'
118 when 'own'
114 !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
119 user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to))
115 when 'own'
116 self.author == user || user.is_or_belongs_to?(assigned_to)
117 else
118 false
119 end
120 else
120 else
121 false
121 !self.is_private?
122 end
122 end
123 end
123 end
124 end
124 end
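Review bot: In both `visible_condition` and `visible?`, the new `else` branch for non-logged users ignores `role.issues_visibility` entirely, which also changes the 'own' case: an anonymous role set to 'own' used to yield `'1=0'` / `false` and now exposes every non-private issue. That matches the commit title, but it silently widens visibility for installs that relied on 'own' to hide issues from anonymous visitors. It deserves a comment on the branch, such as `# anonymous users: issues_visibility is not consulted, only non-private issues are visible`, and a line in the upgrade notes. The same rule is now written twice, once as SQL and once as a Ruby predicate, so a comment on each pointing at the other would help keep them from drifting apart.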
@@ -133,6 +133,11 class Role < ActiveRecord::Base
133 self.builtin != 0
133 self.builtin != 0
134 end
134 end
135
135
136 # Return true if the role is the anonymous role
137 def anonymous?
138 builtin == 2
139 end
140
136 # Return true if the role is a project member role
141 # Return true if the role is a project member role
137 def member?
142 def member?
138 !self.builtin?
143 !self.builtin?
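Review bot: `anonymous?` compares `builtin` with the bare literal `2`, which gives the reader no link to how the anonymous role is defined. If the class has a named constant for that value (Redmine's Role defines `BUILTIN_ANONYMOUS`), the body would read better as `builtin == BUILTIN_ANONYMOUS`. The class body starts and ends outside the hunk, so the constant's presence in this revision should be confirmed.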
@@ -1,5 +1,6
1 <%= error_messages_for 'role' %>
1 <%= error_messages_for 'role' %>
2
2
3 <% unless @role.anonymous? %>
3 <div class="box tabular">
4 <div class="box tabular">
4 <% unless @role.builtin? %>
5 <% unless @role.builtin? %>
5 <p><%= f.text_field :name, :required => true %></p>
6 <p><%= f.text_field :name, :required => true %></p>
@@ -11,6 +12,7
11 <%= select_tag(:copy_workflow_from, content_tag("option") + options_from_collection_for_select(@roles, :id, :name, params[:copy_workflow_from] || @copy_from.try(:id))) %></p>
12 <%= select_tag(:copy_workflow_from, content_tag("option") + options_from_collection_for_select(@roles, :id, :name, params[:copy_workflow_from] || @copy_from.try(:id))) %></p>
12 <% end %>
13 <% end %>
13 </div>
14 </div>
15 <% end %>
14
16
15 <h3><%= l(:label_permissions) %></h3>
17 <h3><%= l(:label_permissions) %></h3>
16 <div class="box tabular" id="permissions">
18 <div class="box tabular" id="permissions">
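Review bot: The `unless @role.anonymous?` wrapper removes the `issues_visibility` select from the form only; nothing in this section stops a request from still submitting `role[issues_visibility]` for the anonymous role. Going by the Issue hunks on this page, the stored value is no longer read for non-logged users, so it appears inert. Ignoring or resetting the attribute for the anonymous role on save would still keep stored data in line with what the form shows. The controller and the role's attribute handling are not shown here, so this may already be covered.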
@@ -110,6 +110,14 class RolesControllerTest < ActionController::TestCase
110 assert_response :success
110 assert_response :success
111 assert_template 'edit'
111 assert_template 'edit'
112 assert_equal Role.find(1), assigns(:role)
112 assert_equal Role.find(1), assigns(:role)
113 assert_select 'select[name=?]', 'role[issues_visibility]'
114 end
115
116 def test_edit_anonymous
117 get :edit, :id => Role.anonymous.id
118 assert_response :success
119 assert_template 'edit'
120 assert_select 'select[name=?]', 'role[issues_visibility]', 0
113 end
121 end
114
122
115 def test_edit_invalid_should_respond_with_404
123 def test_edit_invalid_should_respond_with_404
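Review bot: `test_edit_anonymous` only checks that the select is absent from the form; the access-control change itself is not exercised by any test shown on this page. A model-level test would pin the behaviour: set the anonymous role's `issues_visibility` to 'all' and to 'own', then assert for a non-logged user that `visible?` returns false for a private issue and true for a public one, with the matching check on `visible_condition`. Such tests may exist in files not shown here.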