jro_apps/redmine Commit - r15368:d5ca4a3593de

Fixed that restricted custom permissions on for non member/anonymous does not work (#23655). ...

Jean-Philippe Lang -

r15368:d5ca4a3593de

parent child

Context file:

r15368:d5ca4a3593de

app/models/project.rb +3 -1

                     if role.allowed_to?(permission)
                       s = "#{Project.table_name}.is_public = #{connection.quoted_true}"
                       if user.id
-                        s = "(#{s} AND #{Project.table_name}.id NOT IN (SELECT project_id FROM #{Member.table_name} WHERE user_id = #{user.id}))"
+                        group = role.anonymous? ? Group.anonymous : Group.non_member
+                        principal_ids = [user.id, group.id].compact
+                        s = "(#{s} AND #{Project.table_name}.id NOT IN (SELECT project_id FROM #{Member.table_name} WHERE user_id IN (#{principal_ids.join(',')})))"
                       end
                       statement_by_role[role] = s
                     end

test/unit/issue_test.rb +22 0

@@ -319,6 +319,28 class IssueTest < ActiveSupport::TestCase
319	assert_equal false, Issue.where(:project_id => 1).first.visible?(user)	319	assert_equal false, Issue.where(:project_id => 1).first.visible?(user)
320	end	320	end
321		321
		322	def test_visible_scope_with_custom_non_member_role_having_restricted_permission
		323	role = Role.generate!(:permissions => [:view_project])
		324	assert Role.non_member.has_permission?(:view_issues)
		325	user = User.generate!
		326	Member.create!(:principal => Group.non_member, :project_id => 1, :roles => [role])
		327
		328	issues = Issue.visible(user).to_a
		329	assert issues.any?
		330	assert_nil issues.detect {\|issue\| issue.project_id == 1}
		331	end
		332
		333	def test_visible_scope_with_custom_non_member_role_having_extended_permission
		334	role = Role.generate!(:permissions => [:view_project, :view_issues])
		335	Role.non_member.remove_permission!(:view_issues)
		336	user = User.generate!
		337	Member.create!(:principal => Group.non_member, :project_id => 1, :roles => [role])
		338
		339	issues = Issue.visible(user).to_a
		340	assert issues.any?
		341	assert_not_nil issues.detect {\|issue\| issue.project_id == 1}
		342	end
		343
322	def test_visible_scope_for_member_with_groups_should_return_assigned_issues	344	def test_visible_scope_for_member_with_groups_should_return_assigned_issues
323	user = User.find(8)	345	user = User.find(8)
324	assert user.groups.any?	346	assert user.groups.any?

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages