##// END OF EJS Templates
jro_apps » redmine
RSS
Fixed: User with groups may not see issues assigned to him or to its groups (#9478)....
Jean-Philippe Lang -
r7651:857cf5db38c2
parent child
Show More
Side by Side Unified
Context file:
r7651:857cf5db38c2 Loading diff...:
Show file before | Show file after | Hide comments
@@ -95,10 +95,10 class Issue < ActiveRecord::Base
95 nil
95 nil
96 when 'default'
96 when 'default'
97 user_ids = [user.id] + user.groups.map(&:id)
97 user_ids = [user.id] + user.groups.map(&:id)
98 "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids}))"
98 "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
99 when 'own'
99 when 'own'
100 user_ids = [user.id] + user.groups.map(&:id)
100 user_ids = [user.id] + user.groups.map(&:id)
101 "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids}))"
101 "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
102 else
102 else
103 '1=0'
103 '1=0'
104 end
104 end
Show file before | Show file after | Hide comments
@@ -160,6 +160,29 class IssueTest < ActiveSupport::TestCase
160 assert_visibility_match user, issues
160 assert_visibility_match user, issues
161 end
161 end
162
162
163 def test_visible_scope_for_member_with_groups_should_return_assigned_issues
164 user = User.find(8)
165 assert user.groups.any?
166 Member.create!(:principal => user.groups.first, :project_id => 1, :role_ids => [2])
167 Role.non_member.remove_permission!(:view_issues)
168
169 issue = Issue.create(:project_id => 1, :tracker_id => 1, :author_id => 3,
170 :status_id => 1, :priority => IssuePriority.all.first,
171 :subject => 'Assignment test',
172 :assigned_to => user.groups.first,
173 :is_private => true)
174
175 Role.find(2).update_attribute :issues_visibility, 'default'
176 issues = Issue.visible(User.find(8)).all
177 assert issues.any?
178 assert issues.include?(issue)
179
180 Role.find(2).update_attribute :issues_visibility, 'own'
181 issues = Issue.visible(User.find(8)).all
182 assert issues.any?
183 assert issues.include?(issue)
184 end
185
163 def test_visible_scope_for_admin
186 def test_visible_scope_for_admin
164 user = User.find(1)
187 user = User.find(1)
165 user.members.each(&:destroy)
188 user.members.each(&:destroy)
General Comments 0
You need to be logged in to leave comments. Login now