Assignable users should not include users that cannot view the tracker (#23172)....
Jean-Philippe Lang -
r15204:83777f727a42
@@ -35,16 +35,8 class ContextMenusController < ApplicationController
35 :add_watchers => User.current.allowed_to?(:add_issue_watchers, @projects),
35 :add_watchers => User.current.allowed_to?(:add_issue_watchers, @projects),
36 :delete => @issues.all?(&:deletable?)
36 :delete => @issues.all?(&:deletable?)
37 }
37 }
38 if @project
38
39 if @issue
39 @assignables = @issues.map(&:assignable_users).reduce(:&)
40 @assignables = @issue.assignable_users
41 else
42 @assignables = @project.assignable_users
43 end
44 else
45 #when multiple projects, we only keep the intersection of each set
46 @assignables = @projects.map(&:assignable_users).reduce(:&)
47 end
48 @trackers = @projects.map {|p| Issue.allowed_target_trackers(p) }.reduce(:&)
40 @trackers = @projects.map {|p| Issue.allowed_target_trackers(p) }.reduce(:&)
49 @versions = @projects.map {|p| p.shared_versions.open}.reduce(:&)
41 @versions = @projects.map {|p| p.shared_versions.open}.reduce(:&)
50
42
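Review bot: The replaced branch carried a comment explaining the intersection, and the new single line at 39 has none; something like `# only users assignable on every selected issue are offered` would keep that intent visible. `reduce(:&)` returns nil when `@issues` is empty, so the view has to tolerate a nil `@assignables` unless an earlier filter guarantees at least one issue (not visible here). This list only shapes what the menu offers. Whether the update path rejects an assignee outside `issue.assignable_users` cannot be seen from this page, and that is where the restriction has to be enforced.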
@@ -854,7 +854,7 class Issue < ActiveRecord::Base
854
854
855 # Users the issue can be assigned to
855 # Users the issue can be assigned to
856 def assignable_users
856 def assignable_users
857 users = project.assignable_users.to_a
857 users = project.assignable_users(tracker).to_a
858 users << author if author && author.active?
858 users << author if author && author.active?
859 users << assigned_to if assigned_to
859 users << assigned_to if assigned_to
860 users.uniq.sort
860 users.uniq.sort
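Review bot: `author` and `assigned_to` are appended after the tracker-filtered list at 857, so either can appear in the result even when none of their roles can view the issue's tracker, which is the case the commit title excludes. If that is intended, for example to keep the current assignee selectable, it deserves a comment such as `# author and current assignee are kept regardless of tracker visibility`. Otherwise these two entries need the same visibility check as the project members. The method's `end` is outside the hunk.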
@@ -512,16 +512,27 class Project < ActiveRecord::Base
512 end
512 end
513
513
514 # Return a Principal scope of users/groups issues can be assigned to
514 # Return a Principal scope of users/groups issues can be assigned to
515 def assignable_users
515 def assignable_users(tracker=nil)
516 return @assignable_users[tracker] if @assignable_users && @assignable_users[tracker]
517
516 types = ['User']
518 types = ['User']
517 types << 'Group' if Setting.issue_group_assignment?
519 types << 'Group' if Setting.issue_group_assignment?
518
520
519 @assignable_users ||= Principal.
521 scope = Principal.
520 active.
522 active.
521 joins(:members => :roles).
523 joins(:members => :roles).
522 where(:type => types, :members => {:project_id => id}, :roles => {:assignable => true}).
524 where(:type => types, :members => {:project_id => id}, :roles => {:assignable => true}).
523 uniq.
525 uniq.
524 sorted
526 sorted
527
528 if tracker
529 # Rejects users that cannot the view the tracker
530 roles = Role.where(:assignable => true).select {|role| role.permissions_tracker?(:view_issues, tracker)}
531 scope = scope.where(:roles => {:id => roles.map(&:id)})
532 end
533
534 @assignable_users ||= {}
535 @assignable_users[tracker] = scope
525 end
536 end
526
537
527 # Returns the mail addresses of users that should be always notified on project events
538 # Returns the mail addresses of users that should be always notified on project events
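Review bot: When `tracker` is nil the role filter at new lines 528-532 is skipped, so `assignable_users` with no argument still returns every member holding an assignable role, including those whose roles cannot view a given tracker. Callers outside this page that keep calling it without a tracker, or an issue whose tracker is not yet set, therefore get the unfiltered list; the method comment should state that default, e.g. `# With tracker nil, no tracker visibility filtering is applied`. The memoized hash is never invalidated on this instance, so a role permission change made later in the same request would presumably not be reflected. The new comment at 529 also has a typo and should read `# Rejects users that cannot view the tracker`.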
@@ -222,6 +222,13 class Role < ActiveRecord::Base
222 permissions_all_trackers[permission.to_s].to_s != '0'
222 permissions_all_trackers[permission.to_s].to_s != '0'
223 end
223 end
224
224
225 # Returns true if permission is given for the tracker
226 # (explicitly or for all trackers)
227 def permissions_tracker?(permission, tracker)
228 permissions_all_trackers?(permission) ||
229 permissions_tracker_ids?(permission, tracker.try(:id))
230 end
231
225 # Sets the trackers that are allowed for a permission.
232 # Sets the trackers that are allowed for a permission.
226 # tracker_ids can be an array of tracker ids or :all for
233 # tracker_ids can be an array of tracker ids or :all for
227 # no restrictions.
234 # no restrictions.
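Review bot: `permissions_tracker?` only consults the tracker restriction, not whether the role holds `permission` at all. Judging by the context line at 222, which looks like the body of `permissions_all_trackers?` (its `def` is outside the hunk), any role without a `'0'` entry for the permission yields true. Used as the filter in `Project#assignable_users`, an assignable role that lacks `:view_issues` entirely would presumably still pass. The comment should say so, e.g. `# Does not check that the role has the permission itself`, or the caller should check both. `tracker.try(:id)` also passes a nil tracker on to `permissions_tracker_ids?`, and what that returns for nil is not visible here.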
@@ -2292,6 +2292,19 class IssueTest < ActiveSupport::TestCase
2292 end
2292 end
2293 end
2293 end
2294
2294
2295 def test_assignable_users_should_not_include_users_that_cannot_view_the_tracker
2296 user = User.find(3)
2297 role = Role.find(2)
2298 role.set_permission_trackers :view_issues, [1, 3]
2299 role.save!
2300
2301 issue1 = Issue.new(:project_id => 1, :tracker_id => 1)
2302 issue2 = Issue.new(:project_id => 1, :tracker_id => 2)
2303
2304 assert_include user, issue1.assignable_users
2305 assert_not_include user, issue2.assignable_users
2306 end
2307
2295 def test_create_should_send_email_notification
2308 def test_create_should_send_email_notification
2296 ActionMailer::Base.deliveries.clear
2309 ActionMailer::Base.deliveries.clear
2297 issue = Issue.new(:project_id => 1, :tracker_id => 1,
2310 issue = Issue.new(:project_id => 1, :tracker_id => 1,
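Review bot: The new test never exercises the per-tracker memoization in `Project#assignable_users`, because `issue1` and `issue2` presumably each load their own `Project` instance. Two calls on one instance would cover the cache key: `project = Project.find(1)`, then `assert_include user, project.assignable_users(Tracker.find(1))` and `assert_not_include user, project.assignable_users(Tracker.find(2))`. A case where the restricted user is the issue's author or current assignee is also missing, and that path bypasses the filter in `Issue#assignable_users`. `test_create_should_send_email_notification` continues outside the hunk.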