Project

General

Profile

Patch #14318 » allow_watchers_and_contributers_access_to_issues_3.4.2.patch

for Redmine 3.4.2 (and probably later) - Tobias Fischer, 2017-08-08 17:16

View differences:

app/models/issue.rb 2016-04-06 10:05:57.755051963 +0200
132 132
        when 'own'
133 133
          user_ids = [user.id] + user.groups.map(&:id).compact
134 134
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
135
        when 'own_watch'
136
          user_ids = [user.id] + user.groups.map(&:id)
137
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue'))"
138
        when 'own_watch_contributed'
139
          user_ids = [user.id] + user.groups.map(&:id)
140
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue') OR #{table_name}.id IN (SELECT journalized_id FROM journals where journalized_type = 'Issue' AND user_id=#{user.id} GROUP BY journalized_id))"
135 141
        else
136 142
          '1=0'
137 143
        end
......
161 167
          !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
162 168
        when 'own'
163 169
          self.author == user || user.is_or_belongs_to?(assigned_to)
170
        when 'own_watch'
171
          self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user)
172
        when 'own_watch_contributed'
173
          self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user) || self.journals.where('journalized_id = ?', self.id).where('user_id = ?', user).count > 0
164 174
        else
165 175
          false
166 176
        end
app/models/role.rb 2016-04-06 10:05:57.755051963 +0200
38 38
  ISSUES_VISIBILITY_OPTIONS = [
39 39
    ['all', :label_issues_visibility_all],
40 40
    ['default', :label_issues_visibility_public],
41
    ['own', :label_issues_visibility_own]
41
    ['own', :label_issues_visibility_own],
42
    ['own_watch', :label_issues_visibility_own_watch],
43
    ['own_watch_contributed', :label_issues_visibility_own_watch_contributed]
42 44
  ]
43 45
  TIME_ENTRIES_VISIBILITY_OPTIONS = [
config/locales/en.yml 2016-04-06 10:12:27.884900611 +0200
462 462
  setting_new_item_menu_tab: Project menu tab for creating new objects
463 463
  setting_commit_logs_formatting: Apply text formatting to commit messages
464 464
  setting_timelog_required_fields: Required fields for time logs
465
  setting_enable_watcher_issue_visibility: Enable watcher issue visibility
465 466
  permission_add_project: Create project
466 467
  permission_add_subprojects: Create subprojects
......
1019 1019
  label_font_monospace: Monospaced font
1020 1020
  label_font_proportional: Proportional font
1021 1021
  label_last_notes: Last notes
1022
  label_issues_visibility_own_watch: Issues created by, assigned to, or watched by the user
1023
  label_issues_visibility_own_watch_contributed: Issues created by, assigned to, watched by, or contributed to by the user
1022 1024
  button_login: Login
1023 1025
  button_submit: Submit
test/unit/issue_test.rb 2016-04-06 10:05:57.756051955 +0200
278 278
    assert_visibility_match user, issues
279 279
  end
280
  def test_visible_scope_for_non_member_with_own_watch_issues_visibility
281
    #Role.non_member.add_permission! :view_issues
282
    Role.non_member.update! :issues_visibility, 'own_watch'
283
    user = User.find(9)
284
    assert user.projects.empty?
285
    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')
286
    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')
287
    watching_issue.add_watcher(user)
288

  
289
    #assert_equal true, own_issue.visible?(user)
290
    #assert_equal true, watching_issue.visible?(user)
291
    assert_visibility_match user, [own_issue, watching_issue]
292
  end
293

  
294
  def test_visible_scope_for_non_member_with_own_watch_contributed_issues_visibility
295
    #Role.non_member.add_permission! :view_issues
296
    Role.non_member.update! :issues_visibility, 'own_watch_contributed'
297
    user = User.find(9)
298
    assert user.projects.empty?
299
    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')
300
    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')
301
    watching_issue.add_watcher(user)
302
    watching_issue.reload
303
    contributed_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue contributed by non member')
304
    journal = contributed_issue.init_journal(user)
305
    journal.notes = 'journal notes'
306
    journal.save!
307

  
308
    #assert_equal true, own_issue.visible?(user)
309
    #assert_equal true, watching_issue.visible?(user)
310
    #assert_equal true, contributed_issue.visible?(user)
311
    assert_visibility_match user, [own_issue, watching_issue, contributed_issue]
312
  end
313

  
280 314
  def test_visible_scope_for_non_member_without_view_issues_permissions
281 315
    # Non member user should not see issues without permission
282 316
    Role.non_member.remove_permission!(:view_issues)
......
356 389
        :assigned_to => group,
357 390
        :is_private => true)
358
      Role.find(2).update! :issues_visibility => 'default'
359
      issues = Issue.visible(User.find(8)).to_a
360
      assert issues.any?
361
      assert issues.include?(issue)
362

  
363
      Role.find(2).update! :issues_visibility => 'own'
364
      issues = Issue.visible(User.find(8)).to_a
365
      assert issues.any?
366
      assert_include issue, issues
367
    end
368
  end
391
      ['default', 'own', 'own_watch', 'own_watch_contributed'].each do |issue_visibility|
392
        Role.find(2).update! :issues_visibility => issue_visibility
393
        issues = Issue.visible(User.find(8)).to_a
394
        assert issues.any?
395
        assert issues.include?(issue)
396
      end
397
    end
398
  end
399

  
400
  def test_visible_scope_for_non_member_and_watcher_should_return_watching_issues
401
    user = User.find(9)
402
    assert user.projects.empty?
403
    Role.non_member.add_permission!(:view_issues)
404

  
405
    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)
406
    issue.add_watcher(user)
407

  
408
    ['own_watch', 'own_watch_contributed'].each do |issue_visibility|
409
      Role.non_member.update! :issues_visibility => issue_visibility
410
      issues = Issue.visible(user).to_a
411
      assert issues.any?
412
      assert issues.include?(issue)
413
    end
414
  end
415

  
416
  def test_visible_scope_for_non_member_and_contributer_should_return_contributing_issues
417
    user = User.find(9)
418
    assert user.projects.empty?
419
    Role.non_member.add_permission!(:view_issues)
420

  
421
    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)
422
    journal = issue.init_journal(user)
423
    journal.notes = 'journal notes'
424
    journal.save!
425

  
426
    Role.non_member.update! :issues_visibility, 'own_watch_contributed'
427
    issues = Issue.visible(user).to_a
428
  end
369 429
  def test_visible_scope_for_member_with_limited_tracker_ids
370 430
    role = Role.find(1)
(7-7/15)