@@ -88,11 +88,19 class Issue < ActiveRecord::Base | |||
|
88 | 88 | when 'all' |
|
89 | 89 | nil |
|
90 | 90 | when 'default' |
|
91 | user_ids = [user.id] + user.groups.map(&:id) | |
|
92 | "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" | |
|
91 | if user.logged? | |
|
92 | user_ids = [user.id] + user.groups.map(&:id) | |
|
93 | "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" | |
|
94 | else | |
|
95 | "(#{table_name}.is_private = #{connection.quoted_false})" | |
|
96 | end | |
|
93 | 97 | when 'own' |
|
94 | user_ids = [user.id] + user.groups.map(&:id) | |
|
95 | "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" | |
|
98 | if user.logged? | |
|
99 | user_ids = [user.id] + user.groups.map(&:id) | |
|
100 | "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" | |
|
101 | else | |
|
102 | '1=0' | |
|
103 | end | |
|
96 | 104 | else |
|
97 | 105 | '1=0' |
|
98 | 106 | end |
@@ -106,9 +114,9 class Issue < ActiveRecord::Base | |||
|
106 | 114 | when 'all' |
|
107 | 115 | true |
|
108 | 116 | when 'default' |
|
109 | !self.is_private? || self.author == user || user.is_or_belongs_to?(assigned_to) | |
|
117 | !self.is_private? || (user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to))) | |
|
110 | 118 | when 'own' |
|
111 | self.author == user || user.is_or_belongs_to?(assigned_to) | |
|
119 | user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to)) | |
|
112 | 120 | else |
|
113 | 121 | false |
|
114 | 122 | end |
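Review bot: The `user.logged?` guards added to the 'default' and 'own' branches have no comment saying why author/assignee matching is skipped for anonymous users, and the rule is now written four times: both SQL branches in the first hunk and both predicate branches in the second (new lines 117 and 119). Judging from the tests in this commit, the anonymous user appears to be a single shared record, so an author or assignee match does not identify one visitor. A comment above the first guard, such as `# Anonymous is one shared account: an author/assignee match must never expose private issues`, would keep a later refactor from dropping it. The SQL fragment and the Ruby predicate must stay equivalent, which is worth stating next to both. The enclosing methods start and end outside these hunks.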
@@ -25,7 +25,7 class IssueTest < ActiveSupport::TestCase | |||
|
25 | 25 | :versions, |
|
26 | 26 | :issue_statuses, :issue_categories, :issue_relations, :workflows, |
|
27 | 27 | :enumerations, |
|
28 | :issues, | |
|
28 | :issues, :journals, :journal_details, | |
|
29 | 29 | :custom_fields, :custom_fields_projects, :custom_fields_trackers, :custom_values, |
|
30 | 30 | :time_entries |
|
31 | 31 | |
@@ -105,18 +105,6 class IssueTest < ActiveSupport::TestCase | |||
|
105 | 105 | assert_visibility_match User.anonymous, issues |
|
106 | 106 | end |
|
107 | 107 | |
|
108 | def test_visible_scope_for_anonymous_with_own_issues_visibility | |
|
109 | Role.anonymous.update_attribute :issues_visibility, 'own' | |
|
110 | Issue.create!(:project_id => 1, :tracker_id => 1, | |
|
111 | :author_id => User.anonymous.id, | |
|
112 | :subject => 'Issue by anonymous') | |
|
113 | ||
|
114 | issues = Issue.visible(User.anonymous).all | |
|
115 | assert issues.any? | |
|
116 | assert_nil issues.detect {|issue| issue.author != User.anonymous} | |
|
117 | assert_visibility_match User.anonymous, issues | |
|
118 | end | |
|
119 | ||
|
120 | 108 | def test_visible_scope_for_anonymous_without_view_issues_permissions |
|
121 | 109 | # Anonymous user should not see issues without permission |
|
122 | 110 | Role.anonymous.remove_permission!(:view_issues) |
@@ -125,6 +113,20 class IssueTest < ActiveSupport::TestCase | |||
|
125 | 113 | assert_visibility_match User.anonymous, issues |
|
126 | 114 | end |
|
127 | 115 | |
|
116 | def test_anonymous_should_not_see_private_issues_with_issues_visibility_set_to_default | |
|
117 | assert Role.anonymous.update_attribute(:issues_visibility, 'default') | |
|
118 | issue = Issue.generate_for_project!(Project.find(1), :author => User.anonymous, :assigned_to => User.anonymous, :is_private => true) | |
|
119 | assert_nil Issue.where(:id => issue.id).visible(User.anonymous).first | |
|
120 | assert !issue.visible?(User.anonymous) | |
|
121 | end | |
|
122 | ||
|
123 | def test_anonymous_should_not_see_private_issues_with_issues_visibility_set_to_own | |
|
124 | assert Role.anonymous.update_attribute(:issues_visibility, 'own') | |
|
125 | issue = Issue.generate_for_project!(Project.find(1), :author => User.anonymous, :assigned_to => User.anonymous, :is_private => true) | |
|
126 | assert_nil Issue.where(:id => issue.id).visible(User.anonymous).first | |
|
127 | assert !issue.visible?(User.anonymous) | |
|
128 | end | |
|
129 | ||
|
128 | 130 | def test_visible_scope_for_non_member |
|
129 | 131 | user = User.find(9) |
|
130 | 132 | assert user.projects.empty? |
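Review bot: The deleted `test_visible_scope_for_anonymous_with_own_issues_visibility` has no replacement covering non-private issues under 'own'. Both new tests create issues with `:is_private => true`, so the `'1=0'` branch for anonymous is only exercised against private issues. A case that generates a public issue authored by `User.anonymous` under 'own' and asserts `assert !issue.visible?(User.anonymous)` and `assert_nil Issue.where(:id => issue.id).visible(User.anonymous).first` would pin the new behaviour. A positive case under 'default', where a public issue stays visible, would guard against over-blocking. The new tests also omit `assert_visibility_match`, which the neighbouring tests call on the scope result; calling it here too would keep the checks consistent.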