Fixed: Calendar and Gantt show private subprojects even if current user is not a member of them (#1217)....
Jean-Philippe Lang -
r1416:7ee38a95a005
@@ -73,9 +73,9 class Project < ActiveRecord::Base
73 73
74 74 def issues_with_subprojects(include_subprojects=false)
75 75 conditions = nil
76 if include_subprojects && !active_children.empty?
77 ids = [id] + active_children.collect {|c| c.id}
78 conditions = ["#{Project.table_name}.id IN (#{ids.join(',')})"]
76 if include_subprojects
77 ids = [id] + child_ids
78 conditions = ["#{Project.table_name}.id IN (#{ids.join(',')}) AND #{Project.visible_by}"]
79 79 end
80 80 conditions ||= ["#{Project.table_name}.id = ?", id]
81 81 # Quick and dirty fix for Rails 2 compatibility
@@ -93,6 +93,7 class Project < ActiveRecord::Base
93 93 end
94 94
95 95 def self.visible_by(user=nil)
96 user ||= User.current
96 97 if user && user.admin?
97 98 return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"
98 99 elsif user && user.memberships.any?
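Review bot: The visibility filter added to `issues_with_subprojects` receives its user only through the new `user ||= User.current` fallback in `visible_by`, so what the calendar and Gantt queries return depends on ambient state that neither method signature shows. That holds inside a request provided `User.current` is set on every request (not visible in this diff), but a caller outside a request would be filtered against whatever user was stored last. I would document the fallback above `visible_by`, for example `# user defaults to User.current; pass the user explicitly when calling outside a request`. Separately, the first hunk still interpolates the id list into the SQL string while the `conditions ||=` line below it uses a `?` placeholder; the ids appear to come from the model itself, so this is a consistency point rather than an injection path. Both method bodies continue outside the hunks shown.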
@@ -71,4 +71,20 issues_005:
71 71 assigned_to_id:
72 72 author_id: 2
73 73 status_id: 1
74
74 issues_006:
75 created_on: <%= 1.minute.ago.to_date.to_s(:db) %>
76 project_id: 5
77 updated_on: <%= 1.minute.ago.to_date.to_s(:db) %>
78 priority_id: 4
79 subject: Issue of a private subproject
80 id: 6
81 fixed_version_id:
82 category_id:
83 description: This is an issue of a private subproject of cookbook
84 tracker_id: 1
85 assigned_to_id:
86 author_id: 2
87 status_id: 1
88 start_date: <%= Date.today.to_s(:db) %>
89 due_date: <%= 1.days.from_now.to_date.to_s(:db) %>
90 No newline at end of file
@@ -29,6 +29,7 class ProjectsControllerTest < Test::Unit::TestCase
29 29 @controller = ProjectsController.new
30 30 @request = ActionController::TestRequest.new
31 31 @response = ActionController::TestResponse.new
32 @request.session[:user_id] = nil
32 33 end
33 34
34 35 def test_index
@@ -237,11 +238,21 class ProjectsControllerTest < Test::Unit::TestCase
237 238 assert_not_nil assigns(:calendar)
238 239 end
239 240
240 def test_calendar_with_subprojects
241 def test_calendar_with_subprojects_should_not_show_private_subprojects
241 242 get :calendar, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
242 243 assert_response :success
243 244 assert_template 'calendar'
244 245 assert_not_nil assigns(:calendar)
246 assert_no_tag :tag => 'a', :content => /#6/
247 end
248
249 def test_calendar_with_subprojects_should_show_private_subprojects
250 @request.session[:user_id] = 2
251 get :calendar, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
252 assert_response :success
253 assert_template 'calendar'
254 assert_not_nil assigns(:calendar)
255 assert_tag :tag => 'a', :content => /#6/
245 256 end
246 257
247 258 def test_gantt
@@ -251,13 +262,23 class ProjectsControllerTest < Test::Unit::TestCase
251 262 assert_not_nil assigns(:events)
252 263 end
253 264
254 def test_gantt_with_subprojects
265 def test_gantt_with_subprojects_should_not_show_private_subprojects
255 266 get :gantt, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
256 267 assert_response :success
257 268 assert_template 'gantt.rhtml'
258 269 assert_not_nil assigns(:events)
270 assert_no_tag :tag => 'a', :content => /#6/
259 271 end
260 272
273 def test_gantt_with_subprojects_should_show_private_subprojects
274 @request.session[:user_id] = 2
275 get :gantt, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
276 assert_response :success
277 assert_template 'gantt.rhtml'
278 assert_not_nil assigns(:events)
279 assert_tag :tag => 'a', :content => /#6/
280 end
281
261 282 def test_gantt_export_to_pdf
262 283 get :gantt, :id => 1, :format => 'pdf'
263 284 assert_response :success
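Review bot: The new tests cover an anonymous session and user 2, but not a logged-in user who has memberships elsewhere and none in the private subproject, which is the case the commit title describes and the one that would exercise the `user.memberships.any?` branch of `visible_by` with a negative outcome. I would add one calendar and one Gantt test identical to the `should_not_show_private_subprojects` ones except for a line such as `@request.session[:user_id] = NON_MEMBER_ID` (placeholder for a fixture user who is not a member of project 5). The `should_show` test names would also be clearer with `_to_members` appended, assuming user 2 is a member of that subproject, which the fixtures shown here do not confirm. The pattern `/#6/` also matches `#60` and similar, so tightening it to `/#6\b/` keeps the negative assertions from failing for unrelated reasons as fixtures grow.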