Project

General

Profile

Download (2.01 KB)

Patch #33329 » 0002-Do-not-propose-watchers-that-are-not-allowed-to-see-.patch

Marius BĂLTEANU, 2020-04-20 14:48

View differences:

app/controllers/watchers_controller.rb
133 133 
    users = scope.active.visible.sorted.like(params[:q]).to_a
134 134 
    users += scope_groups.active.visible.sorted.like(params[:q]).to_a
135 135 
    if @watchables && @watchables.size == 1
136 
      users -= @watchables.first.watcher_users
136 
      watchable_object = @watchables.first
137 
      users -= watchable_object.watcher_users
138 

  		




  
  139
  
    
      if watchable_object.respond_to?(:visible?)

  		




  
  140
  
    
        users.reject! {|user| user.is_a?(User) && !watchable_object.visible?(user)}

  		




  
  141
  
    
      end

  		




  137
  142
  
    
    end

  		




  138
  143
  
    
    users

  		




  139
  144
  
    
  end

  		












  

    
      test/functional/watchers_controller_test.rb
    
  





  335
  335
  
    
    assert_not_include hidden.name, response.body

  		




  336
  336
  
    
  end

  		




  337
  337
  
    

  		




  
  338
  
    
  def test_autocomplete_for_user_should_not_return_users_without_object_visibility

  		




  
  339
  
    
    @request.session[:user_id] = 1

  		




  
  340
  
    
    get :autocomplete_for_user, :params => {

  		




  
  341
  
    
      q: 'rober',

  		




  
  342
  
    
      project_id: 'onlinestore',

  		




  
  343
  
    
      object_id: '4',

  		




  
  344
  
    
      object_type: 'issue'

  		




  
  345
  
    
    }, :xhr => true

  		




  
  346
  
    

  		




  
  347
  
    
    assert_response :success

  		




  
  348
  
    

  		




  
  349
  
    
    assert response.body.blank?

  		




  
  350
  
    
  end

  		




  
  351
  
    

  		




  338
  352
  
    
  def test_append

  		




  339
  353
  
    
    @request.session[:user_id] = 2

  		




  340
  354
  
    
    assert_no_difference 'Watcher.count' do

  		















  (1-1/4)