@@ -32,11 +32,6 class Issue < ActiveRecord::Base | |||
|
32 | 32 | belongs_to :category, :class_name => 'IssueCategory' |
|
33 | 33 | |
|
34 | 34 | has_many :journals, :as => :journalized, :dependent => :destroy, :inverse_of => :journalized |
|
35 | has_many :visible_journals, | |
|
36 | lambda {where(["(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(User.current, :view_private_notes)}))", false])}, | |
|
37 | :class_name => 'Journal', | |
|
38 | :as => :journalized | |
|
39 | ||
|
40 | 35 | has_many :time_entries, :dependent => :destroy |
|
41 | 36 | has_and_belongs_to_many :changesets, lambda {order("#{Changeset.table_name}.committed_on ASC, #{Changeset.table_name}.id ASC")} |
|
42 | 37 | |
@@ -822,7 +817,12 class Issue < ActiveRecord::Base | |||
|
822 | 817 | reorder(:created_on, :id).to_a |
|
823 | 818 | |
|
824 | 819 | result.each_with_index {|j,i| j.indice = i+1} |
|
825 | result.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, project) | |
|
820 | ||
|
821 | unless user.allowed_to?(:view_private_notes, project) | |
|
822 | result.select! do |journal| | |
|
823 | !journal.private_notes? || journal.user == user | |
|
824 | end | |
|
825 | end | |
|
826 | 826 | Journal.preload_journals_details_custom_fields(result) |
|
827 | 827 | result.select! {|journal| journal.notes? || journal.visible_details.any?} |
|
828 | 828 | result |
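Review bot: The author exemption added in the second hunk (`!journal.private_notes? || journal.user == user`) restates in Ruby the rule that `Journal.visible` expresses in SQL, and nothing ties the two together, so a later change to one can leave private notes visible on the other path. A comment above the `unless`, such as `# Private notes are shown to users with :view_private_notes and to their author; keep in sync with Journal.visible`, would make the coupling explicit. The method starts outside the hunk, so where `user` is defined is not visible here; the removed line used `User.current`, so it is worth confirming that `user` is a parameter that defaults to it. Comparing `journal.user_id == user.id` would express the same check without loading the user association for each private journal, if it is not already preloaded.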
@@ -47,9 +47,10 class Journal < ActiveRecord::Base | |||
|
47 | 47 | |
|
48 | 48 | scope :visible, lambda {|*args| |
|
49 | 49 | user = args.shift || User.current |
|
50 | private_notes_condition = Project.allowed_to_condition(user, :view_private_notes, *args) | |
|
50 | 51 | joins(:issue => :project). |
|
51 | 52 | where(Issue.visible_condition(user, *args)). |
|
52 |
where("(#{Journal.table_name}.private_notes = ? OR |
|
|
53 | where("(#{Journal.table_name}.private_notes = ? OR #{Journal.table_name}.user_id = ? OR (#{private_notes_condition}))", false, user.id) | |
|
53 | 54 | } |
|
54 | 55 | |
|
55 | 56 | safe_attributes 'notes', |
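Review bot: The new `#{Journal.table_name}.user_id = ?` clause identifies the author by `user.id` alone, so every session that resolves to the same user record counts as the author. If anonymous visitors share one user record and a role configuration lets them write private notes (not visible from this hunk), each anonymous visitor would be shown private notes left by any other. Consider adding the author clause only when `user.logged?`, and applying the same condition to the in-memory filter in Issue. Passing `user.id` as a bind parameter rather than interpolating it is the right choice and should stay that way.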
@@ -1605,6 +1605,20 class IssuesControllerTest < Redmine::ControllerTest | |||
|
1605 | 1605 | assert_select "#change-#{journal.id}", 0 |
|
1606 | 1606 | end |
|
1607 | 1607 | |
|
1608 | def test_show_should_display_private_notes_created_by_current_user | |
|
1609 | User.find(3).roles_for_project(Project.find(1)).each do |role| | |
|
1610 | role.remove_permission! :view_private_notes | |
|
1611 | end | |
|
1612 | visible = Journal.create!(:journalized => Issue.find(2), :notes => 'Private notes', :private_notes => true, :user_id => 3) | |
|
1613 | not_visible = Journal.create!(:journalized => Issue.find(2), :notes => 'Private notes', :private_notes => true, :user_id => 1) | |
|
1614 | @request.session[:user_id] = 3 | |
|
1615 | ||
|
1616 | get :show, :id => 2 | |
|
1617 | assert_response :success | |
|
1618 | assert_select "#change-#{visible.id}", 1 | |
|
1619 | assert_select "#change-#{not_visible.id}", 0 | |
|
1620 | end | |
|
1621 | ||
|
1608 | 1622 | def test_show_atom |
|
1609 | 1623 | get :show, :id => 2, :format => 'atom' |
|
1610 | 1624 | assert_response :success |
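Review bot: The added test exercises only the issues#show path, so the SQL form of the author rule in the changed `Journal.visible` scope is not covered by anything visible in this commit. A model test that calls `Journal.visible(user)` for a user without :view_private_notes, and asserts that the result includes that user's own private journal and excludes another user's, would pin the scope's behaviour. A second case for a user who is not logged in would document whether the author exemption is meant to apply there.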