jro_apps/redmine Commit - r4119:e59c927ee52d

Fixed: User#allowed_to? returning true in any case if array of projects had only one item (#5332)...

Jean-Baptiste Barth -

r4119:e59c927ee52d

parent child

Context file:

r4119:e59c927ee52d

app/models/user.rb +4 -2

                  elsif project && project.is_a?(Array)
                    # Authorize if user is authorized on every element of the array
-                   project.inject do |memo,p|
-                     memo && allowed_to?(action,p,options)
+                   project.map do |p|
+                     allowed_to?(action,p,options)
+                   end.inject do |memo,p|
+                     memo && p
                    end
                  elsif options[:global]
                    # Admin users are always authorized

test/unit/user_test.rb +4 0

                      assert @jsmith.allowed_to?(:edit_issues, @jsmith.projects) #Manager or Developer everywhere
                      assert ! @jsmith.allowed_to?(:delete_issue_watchers, @jsmith.projects) #Dev cannot delete_issue_watchers
                    end
+                   should "behave correctly with arrays of 1 project" do
+                     assert ! User.anonymous.allowed_to?(:delete_issues, [Project.first])
+                   end
                  end
                  context "with options[:global]" do

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages