Assignable users should not include users that cannot view the tracker (#23172)....
Jean-Philippe Lang -
r15204:83777f727a42
@@ -35,16 +35,8 class ContextMenusController < ApplicationController
35 35 :add_watchers => User.current.allowed_to?(:add_issue_watchers, @projects),
36 36 :delete => @issues.all?(&:deletable?)
37 37 }
38 if @project
39 if @issue
40 @assignables = @issue.assignable_users
41 else
42 @assignables = @project.assignable_users
43 end
44 else
45 #when multiple projects, we only keep the intersection of each set
46 @assignables = @projects.map(&:assignable_users).reduce(:&)
47 end
38
39 @assignables = @issues.map(&:assignable_users).reduce(:&)
48 40 @trackers = @projects.map {|p| Issue.allowed_target_trackers(p) }.reduce(:&)
49 41 @versions = @projects.map {|p| p.shared_versions.open}.reduce(:&)
50 42
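Review bot: The new `@assignables = @issues.map(&:assignable_users).reduce(:&)` line dropped the explanation the removed branch carried, and its meaning has changed. The list is now the intersection over every selected issue, so it depends on each issue's tracker, author and current assignee rather than only on the project. A comment such as `# keep only users assignable on every selected issue (project and tracker)` would record that. `reduce(:&)` yields nil when `@issues` is empty; whether that can happen depends on filters outside this hunk, since the action starts and ends outside it. This list only narrows what the menu offers, so the update path presumably needs its own check that the submitted assignee is assignable, which is not visible here.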
@@ -854,7 +854,7 class Issue < ActiveRecord::Base
854 854
855 855 # Users the issue can be assigned to
856 856 def assignable_users
857 users = project.assignable_users.to_a
857 users = project.assignable_users(tracker).to_a
858 858 users << author if author && author.active?
859 859 users << assigned_to if assigned_to
860 860 users.uniq.sort
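Review bot: `users << author if author && author.active?` and `users << assigned_to if assigned_to` run after the tracker-filtered list is built, so the author and the current assignee stay assignable even when they cannot view the issue's tracker. If that is intended (keeping the current value selectable), the method comment should say so, e.g. `# author and current assignee are always included, regardless of tracker visibility`; otherwise they need the same filter. When `tracker` is nil, `project.assignable_users(tracker)` skips the `if tracker` branch in Project and returns the unfiltered list. The method's `end` is outside the hunk.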
@@ -512,16 +512,27 class Project < ActiveRecord::Base
512 512 end
513 513
514 514 # Return a Principal scope of users/groups issues can be assigned to
515 def assignable_users
515 def assignable_users(tracker=nil)
516 return @assignable_users[tracker] if @assignable_users && @assignable_users[tracker]
517
516 518 types = ['User']
517 519 types << 'Group' if Setting.issue_group_assignment?
518 520
519 @assignable_users ||= Principal.
521 scope = Principal.
520 522 active.
521 523 joins(:members => :roles).
522 524 where(:type => types, :members => {:project_id => id}, :roles => {:assignable => true}).
523 525 uniq.
524 526 sorted
527
528 if tracker
529 # Rejects users that cannot the view the tracker
530 roles = Role.where(:assignable => true).select {|role| role.permissions_tracker?(:view_issues, tracker)}
531 scope = scope.where(:roles => {:id => roles.map(&:id)})
532 end
533
534 @assignable_users ||= {}
535 @assignable_users[tracker] = scope
525 536 end
526 537
527 538 # Returns the mail addresses of users that should be always notified on project events
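Review bot: The tracker filter `scope.where(:roles => {:id => roles.map(&:id)})` is applied to the same joined `roles` row that must be assignable, so a member is kept only when one single role is both assignable and allowed to view the tracker. A member whose access to the tracker comes from a second, non-assignable role would be dropped; that errs on the restrictive side but deserves a comment, e.g. `# the assignable role itself must allow :view_issues on the tracker`. The comment above the filter reads "cannot the view the tracker" and should be `# Rejects users that cannot view the tracker`. The method comment could also document the `tracker` argument and that the scope is memoized per tracker for the lifetime of the Project object, so later role or membership changes are not reflected in it.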
@@ -222,6 +222,13 class Role < ActiveRecord::Base
222 222 permissions_all_trackers[permission.to_s].to_s != '0'
223 223 end
224 224
225 # Returns true if permission is given for the tracker
226 # (explicitly or for all trackers)
227 def permissions_tracker?(permission, tracker)
228 permissions_all_trackers?(permission) ||
229 permissions_tracker_ids?(permission, tracker.try(:id))
230 end
231
225 232 # Sets the trackers that are allowed for a permission.
226 233 # tracker_ids can be an array of tracker ids or :all for
227 234 # no restrictions.
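Review bot: `permissions_tracker?` answers only how a permission is scoped to trackers, not whether the role holds the permission at all. The context line above it shows `permissions_all_trackers?` returning true for anything other than `'0'`, which appears to include a value that was never set. A role without `:view_issues` could therefore still pass the new filter in `Project#assignable_users`, which does not visibly check the permission itself. The doc comment should state the limit, e.g. `# Does not check that the role has the permission; callers must test that separately`. `tracker.try(:id)` passes nil for a nil tracker, and how `permissions_tracker_ids?` treats nil is not visible on this page.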
@@ -2292,6 +2292,19 class IssueTest < ActiveSupport::TestCase
2292 2292 end
2293 2293 end
2294 2294
2295 def test_assignable_users_should_not_include_users_that_cannot_view_the_tracker
2296 user = User.find(3)
2297 role = Role.find(2)
2298 role.set_permission_trackers :view_issues, [1, 3]
2299 role.save!
2300
2301 issue1 = Issue.new(:project_id => 1, :tracker_id => 1)
2302 issue2 = Issue.new(:project_id => 1, :tracker_id => 2)
2303
2304 assert_include user, issue1.assignable_users
2305 assert_not_include user, issue2.assignable_users
2306 end
2307
2295 2308 def test_create_should_send_email_notification
2296 2309 ActionMailer::Base.deliveries.clear
2297 2310 issue = Issue.new(:project_id => 1, :tracker_id => 1,
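Review bot: The new test pins only the case of a plain member; it does not cover an issue whose author or current assignee cannot view its tracker, nor a direct call to `Project#assignable_users` with a tracker. Adding `assert_not_include user, Project.find(1).assignable_users(Tracker.find(2))` would pin the scope itself. A second case where `user` is the author of `issue2` would document what is expected for authors. The test relies on fixture memberships for user 3 and role 2 that are not visible on this page.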