Patch #14318 » allow_watchers_and_contributers_access_to_issues_4.1.0.patch
| app/models/issue.rb 2016-04-06 10:05:57.755051963 +0200 | ||
|---|---|---|
| 131 | 131 |
when 'own' |
| 132 | 132 |
user_ids = [user.id] + user.groups.pluck(:id).compact |
| 133 | 133 |
"(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
|
| 134 |
when 'own_watch' |
|
| 135 |
user_ids = [user.id] + user.groups.pluck(:id) |
|
| 136 |
"(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue'))"
|
|
| 137 |
when 'own_watch_contributed' |
|
| 138 |
user_ids = [user.id] + user.groups.pluck(:id) |
|
| 139 |
"(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue') OR #{table_name}.id IN (SELECT journalized_id FROM journals where journalized_type = 'Issue' AND user_id=#{user.id} GROUP BY journalized_id))"
|
|
| 134 | 140 |
else |
| 135 | 141 |
'1=0' |
| 136 | 142 |
end |
| ... | ... | |
| 161 | 167 |
!self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to)) |
| 162 | 168 |
when 'own' |
| 163 | 169 |
self.author == user || user.is_or_belongs_to?(assigned_to) |
| 170 |
when 'own_watch' |
|
| 171 |
self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user) |
|
| 172 |
when 'own_watch_contributed' |
|
| 173 |
self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user) || self.journals.where('journalized_id = ?', self.id).where('user_id = ?', user).count > 0
|
|
| 164 | 174 |
else |
| 165 | 175 |
false |
| 166 | 176 |
end |
| app/models/role.rb 2016-04-06 10:05:57.755051963 +0200 | ||
|---|---|---|
| 40 | 40 |
ISSUES_VISIBILITY_OPTIONS = [ |
| 41 | 41 |
['all', :label_issues_visibility_all], |
| 42 | 42 |
['default', :label_issues_visibility_public], |
| 43 |
['own', :label_issues_visibility_own] |
|
| 43 |
['own', :label_issues_visibility_own], |
|
| 44 |
['own_watch', :label_issues_visibility_own_watch], |
|
| 45 |
['own_watch_contributed', :label_issues_visibility_own_watch_contributed] |
|
| 44 | 46 |
] |
| 45 | 47 | |
| 46 | 48 |
TIME_ENTRIES_VISIBILITY_OPTIONS = [ |
| config/locales/en.yml 2016-04-06 10:12:27.884900611 +0200 | ||
|---|---|---|
| 478 | 478 |
setting_new_item_menu_tab: Project menu tab for creating new objects |
| 479 | 479 |
setting_commit_logs_formatting: Apply text formatting to commit messages |
| 480 | 480 |
setting_timelog_required_fields: Required fields for time logs |
| 481 |
setting_enable_watcher_issue_visibility: Enable watcher issue visibility |
|
| 481 | 482 |
setting_close_duplicate_issues: Close duplicate issues automatically |
| 482 | 483 |
setting_time_entry_list_defaults: Timelog list defaults |
| 483 | 484 |
setting_timelog_accept_0_hours: Accept time logs with 0 hours |
| ... | ... | |
| 1077 | 1078 |
label_display_type_list: List |
| 1078 | 1079 |
label_display_type_board: Board |
| 1079 | 1080 |
label_my_bookmarks: My bookmarks |
| 1081 |
label_issues_visibility_own_watch: Issues created by, assigned to, or watched by the user |
|
| 1082 |
label_issues_visibility_own_watch_contributed: Issues created by, assigned to, watched by, or contributed to by the user |
|
| 1080 | 1083 | |
| 1081 | 1084 |
button_login: Login |
| 1082 | 1085 |
button_submit: Submit |
| test/unit/issue_test.rb 2016-04-06 10:05:57.756051955 +0200 | ||
|---|---|---|
| 279 | 279 |
assert_visibility_match user, issues |
| 280 | 280 |
end |
| 281 | 281 | |
| 282 |
def test_visible_scope_for_non_member_with_own_watch_issues_visibility |
|
| 283 |
#Role.non_member.add_permission! :view_issues |
|
| 284 |
Role.non_member.update! :issues_visibility, 'own_watch' |
|
| 285 |
user = User.find(9) |
|
| 286 |
assert user.projects.empty? |
|
| 287 |
own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member') |
|
| 288 |
watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member') |
|
| 289 |
watching_issue.add_watcher(user) |
|
| 290 | ||
| 291 |
#assert_equal true, own_issue.visible?(user) |
|
| 292 |
#assert_equal true, watching_issue.visible?(user) |
|
| 293 |
assert_visibility_match user, [own_issue, watching_issue] |
|
| 294 |
end |
|
| 295 | ||
| 296 |
def test_visible_scope_for_non_member_with_own_watch_contributed_issues_visibility |
|
| 297 |
#Role.non_member.add_permission! :view_issues |
|
| 298 |
Role.non_member.update! :issues_visibility, 'own_watch_contributed' |
|
| 299 |
user = User.find(9) |
|
| 300 |
assert user.projects.empty? |
|
| 301 |
own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member') |
|
| 302 |
watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member') |
|
| 303 |
watching_issue.add_watcher(user) |
|
| 304 |
watching_issue.reload |
|
| 305 |
contributed_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue contributed by non member') |
|
| 306 |
journal = contributed_issue.init_journal(user) |
|
| 307 |
journal.notes = 'journal notes' |
|
| 308 |
journal.save! |
|
| 309 | ||
| 310 |
#assert_equal true, own_issue.visible?(user) |
|
| 311 |
#assert_equal true, watching_issue.visible?(user) |
|
| 312 |
#assert_equal true, contributed_issue.visible?(user) |
|
| 313 |
assert_visibility_match user, [own_issue, watching_issue, contributed_issue] |
|
| 314 |
end |
|
| 315 | ||
| 282 | 316 |
def test_visible_scope_for_non_member_without_view_issues_permissions |
| 283 | 317 |
# Non member user should not see issues without permission |
| 284 | 318 |
Role.non_member.remove_permission!(:view_issues) |
| ... | ... | |
| 357 | 390 |
:assigned_to => group, |
| 358 | 391 |
:is_private => true) |
| 359 | 392 | |
| 360 |
Role.find(2).update! :issues_visibility => 'default' |
|
| 361 |
issues = Issue.visible(User.find(8)).to_a |
|
| 362 |
assert issues.any? |
|
| 363 |
assert issues.include?(issue) |
|
| 364 | ||
| 365 |
Role.find(2).update! :issues_visibility => 'own' |
|
| 366 |
issues = Issue.visible(User.find(8)).to_a |
|
| 367 |
assert issues.any? |
|
| 368 |
assert_include issue, issues |
|
| 369 |
end |
|
| 370 |
end |
|
| 393 |
['default', 'own', 'own_watch', 'own_watch_contributed'].each do |issue_visibility| |
|
| 394 |
Role.find(2).update! :issues_visibility => issue_visibility |
|
| 395 |
issues = Issue.visible(User.find(8)).to_a |
|
| 396 |
assert issues.any? |
|
| 397 |
assert issues.include?(issue) |
|
| 398 |
end |
|
| 399 |
end |
|
| 400 |
end |
|
| 401 | ||
| 402 |
def test_visible_scope_for_non_member_and_watcher_should_return_watching_issues |
|
| 403 |
user = User.find(9) |
|
| 404 |
assert user.projects.empty? |
|
| 405 |
Role.non_member.add_permission!(:view_issues) |
|
| 406 | ||
| 407 |
issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true) |
|
| 408 |
issue.add_watcher(user) |
|
| 409 | ||
| 410 |
['own_watch', 'own_watch_contributed'].each do |issue_visibility| |
|
| 411 |
Role.non_member.update! :issues_visibility => issue_visibility |
|
| 412 |
issues = Issue.visible(user).to_a |
|
| 413 |
assert issues.any? |
|
| 414 |
assert issues.include?(issue) |
|
| 415 |
end |
|
| 416 |
end |
|
| 417 | ||
| 418 |
def test_visible_scope_for_non_member_and_contributer_should_return_contributing_issues |
|
| 419 |
user = User.find(9) |
|
| 420 |
assert user.projects.empty? |
|
| 421 |
Role.non_member.add_permission!(:view_issues) |
|
| 422 | ||
| 423 |
issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true) |
|
| 424 |
journal = issue.init_journal(user) |
|
| 425 |
journal.notes = 'journal notes' |
|
| 426 |
journal.save! |
|
| 427 | ||
| 428 |
Role.non_member.update! :issues_visibility, 'own_watch_contributed' |
|
| 429 |
issues = Issue.visible(user).to_a |
|
| 430 |
end |
|
| 371 | 431 | |
| 372 | 432 |
def test_visible_scope_for_member_with_limited_tracker_ids |
| 373 | 433 |
role = Role.find(1) |
