Project

General

Profile

Download (7.47 KB)

Patch #14318 » allow_watchers_and_contributers_access_to_issues_3.4.2.patch

for Redmine 3.4.2 (and probably later) - Tobias Fischer, 2017-08-08 17:16

View differences:

app/models/issue.rb 2016-04-06 10:05:57.755051963 +0200
132 132 
        when 'own'
133 133 
          user_ids = [user.id] + user.groups.map(&:id).compact
134 134 
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
135 
        when 'own_watch'
136 
          user_ids = [user.id] + user.groups.map(&:id)
137 
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue'))"
138 
        when 'own_watch_contributed'
139 
          user_ids = [user.id] + user.groups.map(&:id)
140 
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue') OR #{table_name}.id IN (SELECT journalized_id FROM journals where journalized_type = 'Issue' AND user_id=#{user.id} GROUP BY journalized_id))"
135 141 
        else
136 142 
          '1=0'
137 143 
        end
......
161 167 
          !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
162 168 
        when 'own'
163 169 
          self.author == user || user.is_or_belongs_to?(assigned_to)
170 
        when 'own_watch'
171 
          self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user)
172 
        when 'own_watch_contributed'
173 
          self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user) || self.journals.where('journalized_id = ?', self.id).where('user_id = ?', user).count > 0
164 174 
        else
165 175 
          false
166 176 
        end
app/models/role.rb 2016-04-06 10:05:57.755051963 +0200
38 38 
  ISSUES_VISIBILITY_OPTIONS = [
39 39 
    ['all', :label_issues_visibility_all],
40 40 
    ['default', :label_issues_visibility_public],
41 
    ['own', :label_issues_visibility_own]
41 
    ['own', :label_issues_visibility_own],
42 
    ['own_watch', :label_issues_visibility_own_watch],
43 
    ['own_watch_contributed', :label_issues_visibility_own_watch_contributed]
42 44 
  ]
43 45 
  TIME_ENTRIES_VISIBILITY_OPTIONS = [
config/locales/en.yml 2016-04-06 10:12:27.884900611 +0200
462 462 
  setting_new_item_menu_tab: Project menu tab for creating new objects
463 463 
  setting_commit_logs_formatting: Apply text formatting to commit messages
464 464 
  setting_timelog_required_fields: Required fields for time logs
465 
  setting_enable_watcher_issue_visibility: Enable watcher issue visibility
465 466 
  permission_add_project: Create project
466 467 
  permission_add_subprojects: Create subprojects
......
1019 1019 
  label_font_monospace: Monospaced font
1020 1020 
  label_font_proportional: Proportional font
1021 1021 
  label_last_notes: Last notes
1022 
  label_issues_visibility_own_watch: Issues created by, assigned to, or watched by the user
1023 
  label_issues_visibility_own_watch_contributed: Issues created by, assigned to, watched by, or contributed to by the user
1022 1024 
  button_login: Login
1023 1025 
  button_submit: Submit
test/unit/issue_test.rb 2016-04-06 10:05:57.756051955 +0200
278 278 
    assert_visibility_match user, issues
279 279 
  end
280 
  def test_visible_scope_for_non_member_with_own_watch_issues_visibility
281 
    #Role.non_member.add_permission! :view_issues
282 
    Role.non_member.update! :issues_visibility, 'own_watch'
283 
    user = User.find(9)
284 
    assert user.projects.empty?
285 
    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')
286 
    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')
287 
    watching_issue.add_watcher(user)
288 

  		




  
  289
  
    
    #assert_equal true, own_issue.visible?(user)

  		




  
  290
  
    
    #assert_equal true, watching_issue.visible?(user)

  		




  
  291
  
    
    assert_visibility_match user, [own_issue, watching_issue]

  		




  
  292
  
    
  end

  		




  
  293
  
    

  		




  
  294
  
    
  def test_visible_scope_for_non_member_with_own_watch_contributed_issues_visibility

  		




  
  295
  
    
    #Role.non_member.add_permission! :view_issues

  		




  
  296
  
    
    Role.non_member.update! :issues_visibility, 'own_watch_contributed'

  		




  
  297
  
    
    user = User.find(9)

  		




  
  298
  
    
    assert user.projects.empty?

  		




  
  299
  
    
    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')

  		




  
  300
  
    
    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')

  		




  
  301
  
    
    watching_issue.add_watcher(user)

  		




  
  302
  
    
    watching_issue.reload

  		




  
  303
  
    
    contributed_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue contributed by non member')

  		




  
  304
  
    
    journal = contributed_issue.init_journal(user)

  		




  
  305
  
    
    journal.notes = 'journal notes'

  		




  
  306
  
    
    journal.save!

  		




  
  307
  
    

  		




  
  308
  
    
    #assert_equal true, own_issue.visible?(user)

  		




  
  309
  
    
    #assert_equal true, watching_issue.visible?(user)

  		




  
  310
  
    
    #assert_equal true, contributed_issue.visible?(user)

  		




  
  311
  
    
    assert_visibility_match user, [own_issue, watching_issue, contributed_issue]

  		




  
  312
  
    
  end

  		




  
  313
  
    

  		




  280
  314
  
    
  def test_visible_scope_for_non_member_without_view_issues_permissions

  		




  281
  315
  
    
    # Non member user should not see issues without permission

  		




  282
  316
  
    
    Role.non_member.remove_permission!(:view_issues)

  		




  ......




  356
  389
  
    
        :assigned_to => group,

  		




  357
  390
  
    
        :is_private => true)

  		




  358
  
  
    
      Role.find(2).update! :issues_visibility => 'default'

  		




  359
  
  
    
      issues = Issue.visible(User.find(8)).to_a

  		




  360
  
  
    
      assert issues.any?

  		




  361
  
  
    
      assert issues.include?(issue)

  		




  362
  
  
    

  		




  363
  
  
    
      Role.find(2).update! :issues_visibility => 'own'

  		




  364
  
  
    
      issues = Issue.visible(User.find(8)).to_a

  		




  365
  
  
    
      assert issues.any?

  		




  366
  
  
    
      assert_include issue, issues

  		




  367
  
  
    
    end

  		




  368
  
  
    
  end

  		




  
  391
  
    
      ['default', 'own', 'own_watch', 'own_watch_contributed'].each do |issue_visibility|

  		




  
  392
  
    
        Role.find(2).update! :issues_visibility => issue_visibility

  		




  
  393
  
    
        issues = Issue.visible(User.find(8)).to_a

  		




  
  394
  
    
        assert issues.any?

  		




  
  395
  
    
        assert issues.include?(issue)

  		




  
  396
  
    
      end

  		




  
  397
  
    
    end

  		




  
  398
  
    
  end

  		




  
  399
  
    

  		




  
  400
  
    
  def test_visible_scope_for_non_member_and_watcher_should_return_watching_issues

  		




  
  401
  
    
    user = User.find(9)

  		




  
  402
  
    
    assert user.projects.empty?

  		




  
  403
  
    
    Role.non_member.add_permission!(:view_issues)

  		




  
  404
  
    

  		




  
  405
  
    
    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)

  		




  
  406
  
    
    issue.add_watcher(user)

  		




  
  407
  
    

  		




  
  408
  
    
    ['own_watch', 'own_watch_contributed'].each do |issue_visibility|

  		




  
  409
  
    
      Role.non_member.update! :issues_visibility => issue_visibility

  		




  
  410
  
    
      issues = Issue.visible(user).to_a

  		




  
  411
  
    
      assert issues.any?

  		




  
  412
  
    
      assert issues.include?(issue)

  		




  
  413
  
    
    end

  		




  
  414
  
    
  end

  		




  
  415
  
    

  		




  
  416
  
    
  def test_visible_scope_for_non_member_and_contributer_should_return_contributing_issues

  		




  
  417
  
    
    user = User.find(9)

  		




  
  418
  
    
    assert user.projects.empty?

  		




  
  419
  
    
    Role.non_member.add_permission!(:view_issues)

  		




  
  420
  
    

  		




  
  421
  
    
    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)

  		




  
  422
  
    
    journal = issue.init_journal(user)

  		




  
  423
  
    
    journal.notes = 'journal notes'

  		




  
  424
  
    
    journal.save!

  		




  
  425
  
    

  		




  
  426
  
    
    Role.non_member.update! :issues_visibility, 'own_watch_contributed'

  		




  
  427
  
    
    issues = Issue.visible(user).to_a

  		




  
  428
  
    
  end

  		




  369
  429
  
    
  def test_visible_scope_for_member_with_limited_tracker_ids

  		




  370
  430
  
    
    role = Role.find(1)

  		















  (7-7/15)