| @@ -88,11 +88,19 class Issue < ActiveRecord::Base | |||||
| 88 | when 'all' |
|
88 | when 'all' | |
| 89 | nil |
|
89 | nil | |
| 90 | when 'default' |
|
90 | when 'default' | |
| 91 | user_ids = [user.id] + user.groups.map(&:id) |
|
91 | if user.logged? | |
| 92 | "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" |
|
92 | user_ids = [user.id] + user.groups.map(&:id) | |
|
|
93 | "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" | |||
|
|
94 | else | |||
|
|
95 | "(#{table_name}.is_private = #{connection.quoted_false})" | |||
|
|
96 | end | |||
| 93 | when 'own' |
|
97 | when 'own' | |
| 94 | user_ids = [user.id] + user.groups.map(&:id) |
|
98 | if user.logged? | |
| 95 | "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" |
|
99 | user_ids = [user.id] + user.groups.map(&:id) | |
|
|
100 | "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" | |||
|
|
101 | else | |||
|
|
102 | '1=0' | |||
|
|
103 | end | |||
| 96 | else |
|
104 | else | |
| 97 | '1=0' |
|
105 | '1=0' | |
| 98 | end |
|
106 | end | |
| @@ -106,9 +114,9 class Issue < ActiveRecord::Base | |||||
| 106 | when 'all' |
|
114 | when 'all' | |
| 107 | true |
|
115 | true | |
| 108 | when 'default' |
|
116 | when 'default' | |
| 109 | !self.is_private? || self.author == user || user.is_or_belongs_to?(assigned_to) |
|
117 | !self.is_private? || (user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to))) | |
| 110 | when 'own' |
|
118 | when 'own' | |
| 111 | self.author == user || user.is_or_belongs_to?(assigned_to) |
|
119 | user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to)) | |
| 112 | else |
|
120 | else | |
| 113 | false |
|
121 | false | |
| 114 | end |
|
122 | end | |
| @@ -25,7 +25,7 class IssueTest < ActiveSupport::TestCase | |||||
| 25 | :versions, |
|
25 | :versions, | |
| 26 | :issue_statuses, :issue_categories, :issue_relations, :workflows, |
|
26 | :issue_statuses, :issue_categories, :issue_relations, :workflows, | |
| 27 | :enumerations, |
|
27 | :enumerations, | |
| 28 | :issues, |
|
28 | :issues, :journals, :journal_details, | |
| 29 | :custom_fields, :custom_fields_projects, :custom_fields_trackers, :custom_values, |
|
29 | :custom_fields, :custom_fields_projects, :custom_fields_trackers, :custom_values, | |
| 30 | :time_entries |
|
30 | :time_entries | |
| 31 |
|
31 | |||
| @@ -105,18 +105,6 class IssueTest < ActiveSupport::TestCase | |||||
| 105 | assert_visibility_match User.anonymous, issues |
|
105 | assert_visibility_match User.anonymous, issues | |
| 106 | end |
|
106 | end | |
| 107 |
|
107 | |||
| 108 | def test_visible_scope_for_anonymous_with_own_issues_visibility |
|
|||
| 109 | Role.anonymous.update_attribute :issues_visibility, 'own' |
|
|||
| 110 | Issue.create!(:project_id => 1, :tracker_id => 1, |
|
|||
| 111 | :author_id => User.anonymous.id, |
|
|||
| 112 | :subject => 'Issue by anonymous') |
|
|||
| 113 |
|
||||
| 114 | issues = Issue.visible(User.anonymous).all |
|
|||
| 115 | assert issues.any? |
|
|||
| 116 | assert_nil issues.detect {|issue| issue.author != User.anonymous} |
|
|||
| 117 | assert_visibility_match User.anonymous, issues |
|
|||
| 118 | end |
|
|||
| 119 |
|
||||
| 120 | def test_visible_scope_for_anonymous_without_view_issues_permissions |
|
108 | def test_visible_scope_for_anonymous_without_view_issues_permissions | |
| 121 | # Anonymous user should not see issues without permission |
|
109 | # Anonymous user should not see issues without permission | |
| 122 | Role.anonymous.remove_permission!(:view_issues) |
|
110 | Role.anonymous.remove_permission!(:view_issues) | |
| @@ -125,6 +113,20 class IssueTest < ActiveSupport::TestCase | |||||
| 125 | assert_visibility_match User.anonymous, issues |
|
113 | assert_visibility_match User.anonymous, issues | |
| 126 | end |
|
114 | end | |
| 127 |
|
115 | |||
|
|
116 | def test_anonymous_should_not_see_private_issues_with_issues_visibility_set_to_default | |||
|
|
117 | assert Role.anonymous.update_attribute(:issues_visibility, 'default') | |||
|
|
118 | issue = Issue.generate_for_project!(Project.find(1), :author => User.anonymous, :assigned_to => User.anonymous, :is_private => true) | |||
|
|
119 | assert_nil Issue.where(:id => issue.id).visible(User.anonymous).first | |||
|
|
120 | assert !issue.visible?(User.anonymous) | |||
|
|
121 | end | |||
|
|
122 | ||||
|
|
123 | def test_anonymous_should_not_see_private_issues_with_issues_visibility_set_to_own | |||
|
|
124 | assert Role.anonymous.update_attribute(:issues_visibility, 'own') | |||
|
|
125 | issue = Issue.generate_for_project!(Project.find(1), :author => User.anonymous, :assigned_to => User.anonymous, :is_private => true) | |||
|
|
126 | assert_nil Issue.where(:id => issue.id).visible(User.anonymous).first | |||
|
|
127 | assert !issue.visible?(User.anonymous) | |||
|
|
128 | end | |||
|
|
129 | ||||
| 128 | def test_visible_scope_for_non_member |
|
130 | def test_visible_scope_for_non_member | |
| 129 | user = User.find(9) |
|
131 | user = User.find(9) | |
| 130 | assert user.projects.empty? |
|
132 | assert user.projects.empty? | |
General Comments 0
You need to be logged in to leave comments.
Login now