jro_apps/redmine Commit - r4119:e59c927ee52d

Fixed: User#allowed_to? returning true in any case if array of projects had only one item (#5332)...

Jean-Baptiste Barth -

r4119:e59c927ee52d

parent child

Context file:

r4119:e59c927ee52d

app/models/user.rb +4 -2

                 elsif project && project.is_a?(Array)
                   # Authorize if user is authorized on every element of the array
-                  project.inject do |memo,p|
+                  project.map do |p|
-                    memo && allowed_to?(action,p,options)
+                    allowed_to?(action,p,options)
+                  end.inject do |memo,p|
+                    memo && p
                   end
                 elsif options[:global]
                   # Admin users are always authorized

test/unit/user_test.rb +4 0

                     assert @jsmith.allowed_to?(:edit_issues, @jsmith.projects) #Manager or Developer everywhere
                     assert ! @jsmith.allowed_to?(:delete_issue_watchers, @jsmith.projects) #Dev cannot delete_issue_watchers
                   end
+                  should "behave correctly with arrays of 1 project" do
+                    assert ! User.anonymous.allowed_to?(:delete_issues, [Project.first])
+                  end
                 end
                 context "with options[:global]" do

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages