##// END OF EJS Templates
jro_apps » redmine
RSS
Fixed that user with permission can't remove a locked watcher (#21382)....
Jean-Philippe Lang -
r14564:9b52ae5c5a64
parent child
Show More
Side by Side Unified
Context file:
r14564:9b52ae5c5a64 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,131 +1,133
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2015 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class WatchersController < ApplicationController
19 19 before_filter :require_login, :find_watchables, :only => [:watch, :unwatch]
20 20
21 21 def watch
22 22 set_watcher(@watchables, User.current, true)
23 23 end
24 24
25 25 def unwatch
26 26 set_watcher(@watchables, User.current, false)
27 27 end
28 28
29 29 before_filter :find_project, :authorize, :only => [:new, :create, :append, :destroy, :autocomplete_for_user]
30 30 accept_api_auth :create, :destroy
31 31
32 32 def new
33 33 @users = users_for_new_watcher
34 34 end
35 35
36 36 def create
37 37 user_ids = []
38 38 if params[:watcher].is_a?(Hash)
39 39 user_ids << (params[:watcher][:user_ids] || params[:watcher][:user_id])
40 40 else
41 41 user_ids << params[:user_id]
42 42 end
43 43 users = User.active.visible.where(:id => user_ids.flatten.compact.uniq)
44 44 users.each do |user|
45 45 Watcher.create(:watchable => @watched, :user => user)
46 46 end
47 47 respond_to do |format|
48 48 format.html { redirect_to_referer_or {render :text => 'Watcher added.', :layout => true}}
49 49 format.js { @users = users_for_new_watcher }
50 50 format.api { render_api_ok }
51 51 end
52 52 end
53 53
54 54 def append
55 55 if params[:watcher].is_a?(Hash)
56 56 user_ids = params[:watcher][:user_ids] || [params[:watcher][:user_id]]
57 57 @users = User.active.visible.where(:id => user_ids).to_a
58 58 end
59 59 if @users.blank?
60 60 render :nothing => true
61 61 end
62 62 end
63 63
64 64 def destroy
65 @watched.set_watcher(User.visible.find(params[:user_id]), false)
65 @watched.set_watcher(User.find(params[:user_id]), false)
66 66 respond_to do |format|
67 67 format.html { redirect_to :back }
68 68 format.js
69 69 format.api { render_api_ok }
70 70 end
71 rescue ActiveRecord::RecordNotFound
72 render_404
71 73 end
72 74
73 75 def autocomplete_for_user
74 76 @users = users_for_new_watcher
75 77 render :layout => false
76 78 end
77 79
78 80 private
79 81
80 82 def find_project
81 83 if params[:object_type] && params[:object_id]
82 84 klass = Object.const_get(params[:object_type].camelcase)
83 85 return false unless klass.respond_to?('watched_by')
84 86 @watched = klass.find(params[:object_id])
85 87 @project = @watched.project
86 88 elsif params[:project_id]
87 89 @project = Project.visible.find_by_param(params[:project_id])
88 90 end
89 91 rescue
90 92 render_404
91 93 end
92 94
93 95 def find_watchables
94 96 klass = Object.const_get(params[:object_type].camelcase) rescue nil
95 97 if klass && klass.respond_to?('watched_by')
96 98 @watchables = klass.where(:id => Array.wrap(params[:object_id])).to_a
97 99 raise Unauthorized if @watchables.any? {|w|
98 100 if w.respond_to?(:visible?)
99 101 !w.visible?
100 102 elsif w.respond_to?(:project) && w.project
101 103 !w.project.visible?
102 104 end
103 105 }
104 106 end
105 107 render_404 unless @watchables.present?
106 108 end
107 109
108 110 def set_watcher(watchables, user, watching)
109 111 watchables.each do |watchable|
110 112 watchable.set_watcher(user, watching)
111 113 end
112 114 respond_to do |format|
113 115 format.html { redirect_to_referer_or {render :text => (watching ? 'Watcher added.' : 'Watcher removed.'), :layout => true}}
114 116 format.js { render :partial => 'set_watcher', :locals => {:user => user, :watched => watchables} }
115 117 end
116 118 end
117 119
118 120 def users_for_new_watcher
119 121 scope = nil
120 122 if params[:q].blank? && @project.present?
121 123 scope = @project.users
122 124 else
123 125 scope = User.all.limit(100)
124 126 end
125 127 users = scope.active.visible.sorted.like(params[:q]).to_a
126 128 if @watched
127 129 users -= @watched.watcher_users
128 130 end
129 131 users
130 132 end
131 133 end
Show file before | Show file after | Hide comments
@@ -1,271 +1,293
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2015 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.expand_path('../../test_helper', __FILE__)
19 19
20 20 class WatchersControllerTest < ActionController::TestCase
21 21 fixtures :projects, :users, :roles, :members, :member_roles, :enabled_modules,
22 22 :issues, :trackers, :projects_trackers, :issue_statuses, :enumerations, :watchers
23 23
24 24 def setup
25 25 User.current = nil
26 26 end
27 27
28 28 def test_watch_a_single_object
29 29 @request.session[:user_id] = 3
30 30 assert_difference('Watcher.count') do
31 31 xhr :post, :watch, :object_type => 'issue', :object_id => '1'
32 32 assert_response :success
33 33 assert_include '$(".issue-1-watcher")', response.body
34 34 end
35 35 assert Issue.find(1).watched_by?(User.find(3))
36 36 end
37 37
38 38 def test_watch_a_collection_with_a_single_object
39 39 @request.session[:user_id] = 3
40 40 assert_difference('Watcher.count') do
41 41 xhr :post, :watch, :object_type => 'issue', :object_id => ['1']
42 42 assert_response :success
43 43 assert_include '$(".issue-1-watcher")', response.body
44 44 end
45 45 assert Issue.find(1).watched_by?(User.find(3))
46 46 end
47 47
48 48 def test_watch_a_collection_with_multiple_objects
49 49 @request.session[:user_id] = 3
50 50 assert_difference('Watcher.count', 2) do
51 51 xhr :post, :watch, :object_type => 'issue', :object_id => ['1', '3']
52 52 assert_response :success
53 53 assert_include '$(".issue-bulk-watcher")', response.body
54 54 end
55 55 assert Issue.find(1).watched_by?(User.find(3))
56 56 assert Issue.find(3).watched_by?(User.find(3))
57 57 end
58 58
59 59 def test_watch_a_news_module_should_add_watcher
60 60 @request.session[:user_id] = 7
61 61 assert_not_nil m = Project.find(1).enabled_module('news')
62 62
63 63 assert_difference 'Watcher.count' do
64 64 xhr :post, :watch, :object_type => 'enabled_module', :object_id => m.id.to_s
65 65 assert_response :success
66 66 end
67 67 assert m.reload.watched_by?(User.find(7))
68 68 end
69 69
70 70 def test_watch_a_private_news_module_without_permission_should_fail
71 71 @request.session[:user_id] = 7
72 72 assert_not_nil m = Project.find(2).enabled_module('news')
73 73
74 74 assert_no_difference 'Watcher.count' do
75 75 xhr :post, :watch, :object_type => 'enabled_module', :object_id => m.id.to_s
76 76 assert_response 403
77 77 end
78 78 end
79 79
80 80 def test_watch_should_be_denied_without_permission
81 81 Role.find(2).remove_permission! :view_issues
82 82 @request.session[:user_id] = 3
83 83 assert_no_difference('Watcher.count') do
84 84 xhr :post, :watch, :object_type => 'issue', :object_id => '1'
85 85 assert_response 403
86 86 end
87 87 end
88 88
89 89 def test_watch_invalid_class_should_respond_with_404
90 90 @request.session[:user_id] = 3
91 91 assert_no_difference('Watcher.count') do
92 92 xhr :post, :watch, :object_type => 'foo', :object_id => '1'
93 93 assert_response 404
94 94 end
95 95 end
96 96
97 97 def test_watch_invalid_object_should_respond_with_404
98 98 @request.session[:user_id] = 3
99 99 assert_no_difference('Watcher.count') do
100 100 xhr :post, :watch, :object_type => 'issue', :object_id => '999'
101 101 assert_response 404
102 102 end
103 103 end
104 104
105 105 def test_unwatch
106 106 @request.session[:user_id] = 3
107 107 assert_difference('Watcher.count', -1) do
108 108 xhr :delete, :unwatch, :object_type => 'issue', :object_id => '2'
109 109 assert_response :success
110 110 assert_include '$(".issue-2-watcher")', response.body
111 111 end
112 112 assert !Issue.find(1).watched_by?(User.find(3))
113 113 end
114 114
115 115 def test_unwatch_a_collection_with_multiple_objects
116 116 @request.session[:user_id] = 3
117 117 Watcher.create!(:user_id => 3, :watchable => Issue.find(1))
118 118 Watcher.create!(:user_id => 3, :watchable => Issue.find(3))
119 119
120 120 assert_difference('Watcher.count', -2) do
121 121 xhr :delete, :unwatch, :object_type => 'issue', :object_id => ['1', '3']
122 122 assert_response :success
123 123 assert_include '$(".issue-bulk-watcher")', response.body
124 124 end
125 125 assert !Issue.find(1).watched_by?(User.find(3))
126 126 assert !Issue.find(3).watched_by?(User.find(3))
127 127 end
128 128
129 129 def test_new
130 130 @request.session[:user_id] = 2
131 131 xhr :get, :new, :object_type => 'issue', :object_id => '2'
132 132 assert_response :success
133 133 assert_match /ajax-modal/, response.body
134 134 end
135 135
136 136 def test_new_for_new_record_with_project_id
137 137 @request.session[:user_id] = 2
138 138 xhr :get, :new, :project_id => 1
139 139 assert_response :success
140 140 assert_equal Project.find(1), assigns(:project)
141 141 assert_match /ajax-modal/, response.body
142 142 end
143 143
144 144 def test_new_for_new_record_with_project_identifier
145 145 @request.session[:user_id] = 2
146 146 xhr :get, :new, :project_id => 'ecookbook'
147 147 assert_response :success
148 148 assert_equal Project.find(1), assigns(:project)
149 149 assert_match /ajax-modal/, response.body
150 150 end
151 151
152 152 def test_create
153 153 @request.session[:user_id] = 2
154 154 assert_difference('Watcher.count') do
155 155 xhr :post, :create, :object_type => 'issue', :object_id => '2',
156 156 :watcher => {:user_id => '4'}
157 157 assert_response :success
158 158 assert_match /watchers/, response.body
159 159 assert_match /ajax-modal/, response.body
160 160 end
161 161 assert Issue.find(2).watched_by?(User.find(4))
162 162 end
163 163
164 164 def test_create_multiple
165 165 @request.session[:user_id] = 2
166 166 assert_difference('Watcher.count', 2) do
167 167 xhr :post, :create, :object_type => 'issue', :object_id => '2',
168 168 :watcher => {:user_ids => ['4', '7']}
169 169 assert_response :success
170 170 assert_match /watchers/, response.body
171 171 assert_match /ajax-modal/, response.body
172 172 end
173 173 assert Issue.find(2).watched_by?(User.find(4))
174 174 assert Issue.find(2).watched_by?(User.find(7))
175 175 end
176 176
177 177 def test_autocomplete_on_watchable_creation
178 178 @request.session[:user_id] = 2
179 179 xhr :get, :autocomplete_for_user, :q => 'mi', :project_id => 'ecookbook'
180 180 assert_response :success
181 181 assert_select 'input', :count => 4
182 182 assert_select 'input[name=?][value="1"]', 'watcher[user_ids][]'
183 183 assert_select 'input[name=?][value="2"]', 'watcher[user_ids][]'
184 184 assert_select 'input[name=?][value="8"]', 'watcher[user_ids][]'
185 185 assert_select 'input[name=?][value="9"]', 'watcher[user_ids][]'
186 186 end
187 187
188 188 def test_search_non_member_on_create
189 189 @request.session[:user_id] = 2
190 190 project = Project.find_by_name("ecookbook")
191 191 user = User.generate!(:firstname => 'issue15622')
192 192 membership = user.membership(project)
193 193 assert_nil membership
194 194 xhr :get, :autocomplete_for_user, :q => 'issue15622', :project_id => 'ecookbook'
195 195 assert_response :success
196 196 assert_select 'input', :count => 1
197 197 end
198 198
199 199 def test_autocomplete_on_watchable_update
200 200 @request.session[:user_id] = 2
201 201 xhr :get, :autocomplete_for_user, :q => 'mi', :object_id => '2',
202 202 :object_type => 'issue', :project_id => 'ecookbook'
203 203 assert_response :success
204 204 assert_select 'input', :count => 3
205 205 assert_select 'input[name=?][value="2"]', 'watcher[user_ids][]'
206 206 assert_select 'input[name=?][value="8"]', 'watcher[user_ids][]'
207 207 assert_select 'input[name=?][value="9"]', 'watcher[user_ids][]'
208 208 end
209 209
210 210 def test_search_and_add_non_member_on_update
211 211 @request.session[:user_id] = 2
212 212 project = Project.find_by_name("ecookbook")
213 213 user = User.generate!(:firstname => 'issue15622')
214 214 membership = user.membership(project)
215 215 assert_nil membership
216 216 xhr :get, :autocomplete_for_user, :q => 'issue15622', :object_id => '2',
217 217 :object_type => 'issue', :project_id => 'ecookbook'
218 218 assert_response :success
219 219 assert_select 'input', :count => 1
220 220 assert_difference('Watcher.count', 1) do
221 221 xhr :post, :create, :object_type => 'issue', :object_id => '2',
222 222 :watcher => {:user_ids => ["#{user.id}"]}
223 223 assert_response :success
224 224 assert_match /watchers/, response.body
225 225 assert_match /ajax-modal/, response.body
226 226 end
227 227 assert Issue.find(2).watched_by?(user)
228 228 end
229 229
230 230 def test_autocomplete_for_user_should_return_visible_users
231 231 Role.update_all :users_visibility => 'members_of_visible_projects'
232 232
233 233 hidden = User.generate!(:lastname => 'autocomplete')
234 234 visible = User.generate!(:lastname => 'autocomplete')
235 235 User.add_to_project(visible, Project.find(1))
236 236
237 237 @request.session[:user_id] = 2
238 238 xhr :get, :autocomplete_for_user, :q => 'autocomp', :project_id => 'ecookbook'
239 239 assert_response :success
240 240
241 241 assert_include visible, assigns(:users)
242 242 assert_not_include hidden, assigns(:users)
243 243 end
244 244
245 245 def test_append
246 246 @request.session[:user_id] = 2
247 247 assert_no_difference 'Watcher.count' do
248 248 xhr :post, :append, :watcher => {:user_ids => ['4', '7']}, :project_id => 'ecookbook'
249 249 assert_response :success
250 250 assert_include 'watchers_inputs', response.body
251 251 assert_include 'issue[watcher_user_ids][]', response.body
252 252 end
253 253 end
254 254
255 255 def test_append_without_user_should_render_nothing
256 256 @request.session[:user_id] = 2
257 257 xhr :post, :append, :project_id => 'ecookbook'
258 258 assert_response :success
259 259 assert response.body.blank?
260 260 end
261 261
262 def test_remove_watcher
262 def test_destroy
263 263 @request.session[:user_id] = 2
264 264 assert_difference('Watcher.count', -1) do
265 265 xhr :delete, :destroy, :object_type => 'issue', :object_id => '2', :user_id => '3'
266 266 assert_response :success
267 267 assert_match /watchers/, response.body
268 268 end
269 269 assert !Issue.find(2).watched_by?(User.find(3))
270 270 end
271
272 def test_destroy_locked_user
273 user = User.find(3)
274 user.lock!
275 assert user.reload.locked?
276
277 @request.session[:user_id] = 2
278 assert_difference('Watcher.count', -1) do
279 xhr :delete, :destroy, :object_type => 'issue', :object_id => '2', :user_id => '3'
280 assert_response :success
281 assert_match /watchers/, response.body
282 end
283 assert !Issue.find(2).watched_by?(User.find(3))
284 end
285
286 def test_destroy_invalid_user_should_respond_with_404
287 @request.session[:user_id] = 2
288 assert_no_difference('Watcher.count') do
289 delete :destroy, :object_type => 'issue', :object_id => '2', :user_id => '999'
290 assert_response 404
291 end
292 end
271 293 end
General Comments 0
You need to be logged in to leave comments. Login now