Anonymous users should always see public issues only (#11872)....
Jean-Philippe Lang -
r10254:5328c4adcb6c
@@ -84,25 +84,21 class Issue < ActiveRecord::Base
84 84 # Returns a SQL conditions string used to find all issues visible by the specified user
85 85 def self.visible_condition(user, options={})
86 86 Project.allowed_to_condition(user, :view_issues, options) do |role, user|
87 case role.issues_visibility
88 when 'all'
89 nil
90 when 'default'
91 if user.logged?
87 if user.logged?
88 case role.issues_visibility
89 when 'all'
90 nil
91 when 'default'
92 92 user_ids = [user.id] + user.groups.map(&:id)
93 93 "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
94 else
95 "(#{table_name}.is_private = #{connection.quoted_false})"
96 end
97 when 'own'
98 if user.logged?
94 when 'own'
99 95 user_ids = [user.id] + user.groups.map(&:id)
100 96 "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
101 97 else
102 98 '1=0'
103 99 end
104 100 else
105 '1=0'
101 "(#{table_name}.is_private = #{connection.quoted_false})"
106 102 end
107 103 end
108 104 end
@@ -110,15 +106,19 class Issue < ActiveRecord::Base
110 106 # Returns true if usr or current user is allowed to view the issue
111 107 def visible?(usr=nil)
112 108 (usr || User.current).allowed_to?(:view_issues, self.project) do |role, user|
113 case role.issues_visibility
114 when 'all'
115 true
116 when 'default'
117 !self.is_private? || (user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to)))
118 when 'own'
119 user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to))
109 if user.logged?
110 case role.issues_visibility
111 when 'all'
112 true
113 when 'default'
114 !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
115 when 'own'
116 self.author == user || user.is_or_belongs_to?(assigned_to)
117 else
118 false
119 end
120 120 else
121 false
121 !self.is_private?
122 122 end
123 123 end
124 124 end
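Review bot: For a non-logged user both `visible_condition` and `visible?` now skip `role.issues_visibility` and fall through to the outer `else`, so an anonymous role that was set to 'own' goes from seeing nothing (`'1=0'` / `false` on the old side) to seeing every non-private issue in projects where it holds `:view_issues`. That widening on upgrade looks intended given the commit title, but neither method comment mentions it; I would extend them, e.g. `# Non-logged users only ever see non-private issues; role.issues_visibility is ignored for them`. Deployments that relied on 'own' to hide issues from anonymous visitors would have to drop the `:view_issues` permission from that role instead, which deserves a line in the release notes.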
@@ -133,6 +133,11 class Role < ActiveRecord::Base
133 133 self.builtin != 0
134 134 end
135 135
136 # Return true if the role is the anonymous role
137 def anonymous?
138 builtin == 2
139 end
140
136 141 # Return true if the role is a project member role
137 142 def member?
138 143 !self.builtin?
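Review bot: `anonymous?` compares against the bare literal in `builtin == 2`, so the reader has to know which built-in role 2 denotes, and this predicate now decides what the role form offers. If the class has a named constant for the anonymous built-in role in scope (Redmine's Role defines `BUILTIN_ANONYMOUS`), `builtin == BUILTIN_ANONYMOUS` keeps the predicate tied to the same value that `Role.anonymous` is looked up by. The rest of the class is outside the hunk, so confirm the constant before changing the line.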
@@ -1,5 +1,6
1 1 <%= error_messages_for 'role' %>
2 2
3 <% unless @role.anonymous? %>
3 4 <div class="box tabular">
4 5 <% unless @role.builtin? %>
5 6 <p><%= f.text_field :name, :required => true %></p>
@@ -11,6 +12,7
11 12 <%= select_tag(:copy_workflow_from, content_tag("option") + options_from_collection_for_select(@roles, :id, :name, params[:copy_workflow_from] || @copy_from.try(:id))) %></p>
12 13 <% end %>
13 14 </div>
15 <% end %>
14 16
15 17 <h3><%= l(:label_permissions) %></h3>
16 18 <div class="box tabular" id="permissions">
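Review bot: The new `<% unless @role.anonymous? %>` wrapper only stops the form from rendering the first box; it does not by itself prevent a request carrying `role[issues_visibility]` for the anonymous role from being saved, and the controller is not shown here. With the model change in this commit such a stored value has no effect for non-logged users, so this is a consistency point rather than an exposure. A short template comment would record why the box is skipped, e.g. `<%# Anonymous role: issue visibility is fixed to public issues, see Issue.visible_condition %>`. The wrapper also hides whatever else sits in that box between the visible lines, which is outside the hunk.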
@@ -110,6 +110,14 class RolesControllerTest < ActionController::TestCase
110 110 assert_response :success
111 111 assert_template 'edit'
112 112 assert_equal Role.find(1), assigns(:role)
113 assert_select 'select[name=?]', 'role[issues_visibility]'
114 end
115
116 def test_edit_anonymous
117 get :edit, :id => Role.anonymous.id
118 assert_response :success
119 assert_template 'edit'
120 assert_select 'select[name=?]', 'role[issues_visibility]', 0
113 121 end
114 122
115 123 def test_edit_invalid_should_respond_with_404
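Review bot: `test_edit_anonymous` only checks that the select is absent from the form; no test visible on this page exercises the access rule itself. I would add a unit test on Issue that sets the anonymous role's `issues_visibility` to 'all' and then to 'own', and asserts that `visible?(User.anonymous)` is false for a private issue and true for a public one. The same test should check that a query built from `visible_condition` returns the matching set. Without it, the rule that protects private issues is covered only by a view assertion.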