Feature #2653 » redmine_own_v.1.patch
redmine/app/controllers/issues_controller.rb 2010-05-02 10:11:27.212598237 +0400 | ||
---|---|---|
104 | 104 |
end |
105 | 105 |
|
106 | 106 |
def show |
107 |
return render_403 if !@issue.visible? |
|
107 | 108 |
@journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC") |
108 | 109 |
@journals.each_with_index {|j,i| j.indice = i+1} |
109 | 110 |
@journals.reverse! if User.current.wants_comments_in_reverse_order? |
redmine/app/models/issue.rb 2010-05-02 10:34:35.590504997 +0400 | ||
---|---|---|
62 | 62 |
after_save :create_journal |
63 | 63 |
|
64 | 64 |
# Returns true if usr or current user is allowed to view the issue |
65 |
def visible?(usr=nil)
|
|
66 |
(usr || User.current).allowed_to?(:view_issues, self.project)
|
|
65 |
def visible?(user=User.current)
|
|
66 |
user.allowed_to?(:view_issues, self.project) || user.allowed_to?(:add_issues, self.project) && (author == user || assigned_to == user || watched_by?(user))
|
|
67 | 67 |
end |
68 | 68 |
|
69 | 69 |
def after_initialize |
redmine/app/models/query.rb 2010-05-02 12:51:48.021620769 +0400 | ||
---|---|---|
346 | 346 |
group_by_column.groupable |
347 | 347 |
end |
348 | 348 |
|
349 |
def project_statement |
|
349 |
def project_statement(own=nil)
|
|
350 | 350 |
project_clauses = [] |
351 | 351 |
if project && !@project.descendants.active.empty? |
352 | 352 |
ids = [project.id] |
... | ... | |
368 | 368 |
elsif project |
369 | 369 |
project_clauses << "#{Project.table_name}.id = %d" % project.id |
370 | 370 |
end |
371 |
project_clauses << Project.allowed_to_condition(User.current, :view_issues) |
|
371 |
if own |
|
372 |
wt = Watcher.table_name |
|
373 |
uc = User.current.id.to_s |
|
374 |
project_clauses << '('+Project.allowed_to_condition(User.current, :view_issues)+' OR '+Project.allowed_to_condition(User.current, :add_issues)+ |
|
375 |
" AND (#{Issue.table_name}.author_id=#{uc} OR "+ |
|
376 |
"#{Issue.table_name}.assigned_to_id=#{uc} OR "+ |
|
377 |
"#{Issue.table_name}.id IN (SELECT #{wt}.watchable_id FROM #{wt} WHERE #{wt}.watchable_type='Issue' AND user_id=#{uc}))"+")" |
|
378 |
else |
|
379 |
project_clauses << Project.allowed_to_condition(User.current, :view_issues) |
|
380 |
end |
|
372 | 381 |
project_clauses.join(' AND ') |
373 | 382 |
end |
374 | 383 | |
... | ... | |
409 | 418 |
|
410 | 419 |
end if filters and valid? |
411 | 420 |
|
412 |
(filters_clauses << project_statement).join(' AND ') |
|
421 |
(filters_clauses << project_statement(true)).join(' AND ')
|
|
413 | 422 |
end |
414 | 423 |
|
415 | 424 |
# Returns the issue count |
redmine/app/models/user.rb 2010-05-02 14:42:56.463242646 +0400 | ||
---|---|---|
289 | 289 |
|
290 | 290 |
roles = roles_for_project(project) |
291 | 291 |
return false unless roles |
292 |
roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
|
|
292 |
roles.any? {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
|
|
293 | 293 |
|
294 | 294 |
elsif options[:global] |
295 | 295 |
# Admin users are always authorized |
... | ... | |
297 | 297 |
|
298 | 298 |
# authorize if user has at least one role that has this permission |
299 | 299 |
roles = memberships.collect {|m| m.roles}.flatten.uniq |
300 |
roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
|
|
300 |
roles.any? {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
|
|
301 | 301 |
else |
302 | 302 |
false |
303 | 303 |
end |
redmine/lib/redmine.rb 2010-05-02 18:52:10.194070429 +0400 | ||
---|---|---|
25 | 25 | |
26 | 26 |
# Permissions |
27 | 27 |
Redmine::AccessControl.map do |map| |
28 |
map.permission :view_project, {:projects => [:show, :activity]}, :public => true
|
|
28 |
map.permission :view_project, {:projects => :show}, :public => true
|
|
29 | 29 |
map.permission :search_project, {:search => :index}, :public => true |
30 | 30 |
map.permission :add_project, {:projects => :add}, :require => :loggedin |
31 | 31 |
map.permission :edit_project, {:projects => [:settings, :edit]}, :require => :member |
... | ... | |
38 | 38 |
# Issue categories |
39 | 39 |
map.permission :manage_categories, {:projects => [:settings, :add_issue_category], :issue_categories => [:edit, :destroy]}, :require => :member |
40 | 40 |
# Issues |
41 |
map.permission :view_issues, {:projects => :roadmap,
|
|
41 |
map.permission :view_issues, {:projects => [:roadmap, :activity],
|
|
42 | 42 |
:issues => [:index, :changes, :show, :context_menu], |
43 | 43 |
:versions => [:show, :status_by], |
44 | 44 |
:queries => :index, |
45 | 45 |
:reports => :issue_report} |
46 |
map.permission :add_issues, {:issues => [:new, :update_form]} |
|
46 |
map.permission :add_issues, {:issues => [:new, :update_form, :index, :show]}
|
|
47 | 47 |
map.permission :edit_issues, {:issues => [:edit, :reply, :bulk_edit, :update_form]} |
48 | 48 |
map.permission :manage_issue_relations, {:issue_relations => [:new, :destroy]} |
49 | 49 |
map.permission :add_issue_notes, {:issues => [:edit, :reply]} |
... | ... | |
79 | 79 | |
80 | 80 |
map.project_module :documents do |map| |
81 | 81 |
map.permission :manage_documents, {:documents => [:new, :edit, :destroy, :add_attachment]}, :require => :loggedin |
82 |
map.permission :view_documents, :documents => [:index, :show, :download] |
|
82 |
map.permission :view_documents, :projects => :activity, :documents => [:index, :show, :download]
|
|
83 | 83 |
end |
84 | 84 |
|
85 | 85 |
map.project_module :files do |map| |
86 | 86 |
map.permission :manage_files, {:projects => :add_file}, :require => :loggedin |
87 |
map.permission :view_files, :projects => :list_files, :versions => :download
|
|
87 |
map.permission :view_files, :projects => [:list_files, :activity], :versions => :download
|
|
88 | 88 |
end |
89 | 89 |
|
90 | 90 |
map.project_module :wiki do |map| |
91 | 91 |
map.permission :manage_wiki, {:wikis => [:edit, :destroy]}, :require => :member |
92 | 92 |
map.permission :rename_wiki_pages, {:wiki => :rename}, :require => :member |
93 | 93 |
map.permission :delete_wiki_pages, {:wiki => :destroy}, :require => :member |
94 |
map.permission :view_wiki_pages, :wiki => [:index, :special] |
|
94 |
map.permission :view_wiki_pages, :projects => :activity, :wiki => [:index, :special]
|
|
95 | 95 |
map.permission :view_wiki_edits, :wiki => [:history, :diff, :annotate] |
96 | 96 |
map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment] |
97 | 97 |
map.permission :delete_wiki_pages_attachments, {} |
... | ... | |
100 | 100 |
|
101 | 101 |
map.project_module :repository do |map| |
102 | 102 |
map.permission :manage_repository, {:repositories => [:edit, :committers, :destroy]}, :require => :member |
103 |
map.permission :browse_repository, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph] |
|
104 |
map.permission :view_changesets, :repositories => [:show, :revisions, :revision] |
|
103 |
map.permission :browse_repository, :projects => :activity, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph]
|
|
104 |
map.permission :view_changesets, :projects => :activity, :repositories => [:show, :revisions, :revision]
|
|
105 | 105 |
map.permission :commit_access, {} |
106 | 106 |
end |
107 | 107 | |
108 | 108 |
map.project_module :boards do |map| |
109 | 109 |
map.permission :manage_boards, {:boards => [:new, :edit, :destroy]}, :require => :member |
110 | 110 |
map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true |
111 |
map.permission :add_messages, {:messages => [:new, :reply, :quote]} |
|
111 |
map.permission :add_messages, {:projects => :activity, :messages => [:new, :reply, :quote]}
|
|
112 | 112 |
map.permission :edit_messages, {:messages => :edit}, :require => :member |
113 | 113 |
map.permission :edit_own_messages, {:messages => :edit}, :require => :loggedin |
114 | 114 |
map.permission :delete_messages, {:messages => :destroy}, :require => :member |
redmine/test/fixtures/issues.yml 2010-05-02 18:54:09.924727084 +0400 | ||
---|---|---|
10 | 10 |
category_id: 1 |
11 | 11 |
description: Unable to print recipes |
12 | 12 |
tracker_id: 1 |
13 |
assigned_to_id:
|
|
13 |
assigned_to_id: |
|
14 | 14 |
author_id: 2 |
15 | 15 |
status_id: 1 |
16 | 16 |
start_date: <%= 1.day.ago.to_date.to_s(:db) %> |
... | ... | |
86 | 86 |
category_id: |
87 | 87 |
description: This is an issue of a private subproject of cookbook |
88 | 88 |
tracker_id: 1 |
89 |
assigned_to_id: |
|
89 |
assigned_to_id: 12
|
|
90 | 90 |
author_id: 2 |
91 | 91 |
status_id: 1 |
92 | 92 |
start_date: <%= Date.today.to_s(:db) %> |
93 |
due_date: <%= 1.days.from_now.to_date.to_s(:db) %> |
|
94 | 93 |
issues_007: |
95 | 94 |
created_on: <%= 10.days.ago.to_date.to_s(:db) %> |
96 | 95 |
project_id: 1 |
... | ... | |
203 | 202 |
assigned_to_id: |
204 | 203 |
author_id: 2 |
205 | 204 |
status_id: 1 |
205 |
issues_014: |
|
206 |
created_on: <%= 5.days.ago.to_date.to_s(:db) %> |
|
207 |
project_id: 5 |
|
208 |
updated_on: <%= 2.days.ago.to_date.to_s(:db) %> |
|
209 |
priority_id: 5 |
|
210 |
subject: Test own message |
|
211 |
id: 14 |
|
212 |
fixed_version_id: |
|
213 |
category_id: |
|
214 |
description: Test own message |
|
215 |
tracker_id: 1 |
|
216 |
assigned_to_id: |
|
217 |
author_id: 12 |
|
218 |
status_id: 1 |
redmine/test/fixtures/member_roles.yml 2010-05-02 11:23:54.235688297 +0400 | ||
---|---|---|
47 | 47 |
role_id: 2 |
48 | 48 |
member_id: 10 |
49 | 49 |
inherited_from: 10 |
50 |
member_roles_012: |
|
51 |
id: 12 |
|
52 |
role_id: 6 |
|
53 |
member_id: 11 |
|
54 |
inherited_from: 11 |
redmine/test/fixtures/members.yml 2010-05-02 14:02:44.426675930 +0400 | ||
---|---|---|
60 | 60 |
project_id: 2 |
61 | 61 |
user_id: 8 |
62 | 62 |
mail_notification: false |
63 |
members_011: |
|
64 |
id: 11 |
|
65 |
created_on: 2006-07-19 19:35:33 +02:00 |
|
66 |
project_id: 5 |
|
67 |
user_id: 12 |
|
68 |
mail_notification: false |
redmine/test/fixtures/roles.yml 2010-05-02 11:30:00.746683471 +0400 | ||
---|---|---|
181 | 181 |
- :view_changesets |
182 | 182 | |
183 | 183 |
position: 5 |
184 |
roles_006: |
|
185 |
name: Reporter2 |
|
186 |
id: 6 |
|
187 |
builtin: 0 |
|
188 |
permissions: | |
|
189 |
--- |
|
190 |
- :add_issues |
|
191 | ||
192 |
position: 6 |
|
184 | 193 |
redmine/test/fixtures/users.yml 2010-05-02 13:37:29.807310462 +0400 | ||
---|---|---|
152 | 152 |
id: 11 |
153 | 153 |
lastname: B Team |
154 | 154 |
type: Group |
155 |
users_012: |
|
156 |
id: 12 |
|
157 |
created_on: 2006-07-19 19:33:19 +02:00 |
|
158 |
status: 1 |
|
159 |
last_login_on: |
|
160 |
language: 'ru' |
|
161 |
hashed_password: 1 |
|
162 |
updated_on: 2006-07-19 19:33:19 +02:00 |
|
163 |
admin: false |
|
164 |
mail: vasia@foo.bar |
|
165 |
lastname: Vasia |
|
166 |
firstname: Pupkin |
|
167 |
auth_source_id: |
|
168 |
mail_notification: false |
|
169 |
login: vasia |
|
170 |
type: User |
|
155 | 171 | |
156 | 172 |
|
redmine/test/fixtures/watchers.yml 2010-05-02 14:10:33.450735744 +0400 | ||
---|---|---|
11 | 11 |
watchable_type: Issue |
12 | 12 |
watchable_id: 2 |
13 | 13 |
user_id: 1 |
14 |
watchers_004: |
|
15 |
watchable_type: Issue |
|
16 |
watchable_id: 9 |
|
17 |
user_id: 12 |
|
14 | 18 |
|
redmine/test/functional/issues_controller_test.rb 2010-05-02 14:11:07.723876157 +0400 | ||
---|---|---|
411 | 411 |
|
412 | 412 |
def test_show_should_deny_member_access_without_permission |
413 | 413 |
Role.find(1).remove_permission!(:view_issues) |
414 |
Role.find(1).remove_permission!(:add_issues) |
|
414 | 415 |
@request.session[:user_id] = 2 |
415 | 416 |
get :show, :id => 1 |
416 | 417 |
assert_response 403 |
... | ... | |
458 | 459 |
assert_not_nil assigns(:issue) |
459 | 460 |
end |
460 | 461 | |
462 |
def test_show_own_issue_by_author |
|
463 |
@request.session[:user_id] = 12 |
|
464 |
get :show, :id => 14 |
|
465 |
assert_response :success |
|
466 |
end |
|
467 | ||
468 |
def test_show_own_issue_by_assigned |
|
469 |
@request.session[:user_id] = 12 |
|
470 |
get :show, :id => 6 |
|
471 |
assert_response :success |
|
472 |
end |
|
473 | ||
474 |
def test_show_own_issue_by_watcher |
|
475 |
@request.session[:user_id] = 12 |
|
476 |
get :show, :id => 9 |
|
477 |
assert_response :success |
|
478 |
end |
|
479 | ||
480 |
def test_show_should_deny_access_without_permission |
|
481 |
@request.session[:user_id] = 12 |
|
482 |
get :show, :id => 10 |
|
483 |
assert_response 403 |
|
484 |
end |
|
485 | ||
461 | 486 |
def test_get_new |
462 | 487 |
@request.session[:user_id] = 2 |
463 | 488 |
get :new, :project_id => 1, :tracker_id => 1 |
redmine/test/unit/issue_test.rb 2010-05-02 14:50:06.631821484 +0400 | ||
---|---|---|
105 | 105 |
assert issues.detect {|issue| !issue.project.is_public?} |
106 | 106 |
end |
107 | 107 |
|
108 |
def test_visible |
|
109 |
user=User.find(12) |
|
110 |
issue = Issue.new(:project_id => 5, :tracker_id => 1, :author_id => 2, :status_id => 1, :priority => IssuePriority.all.first, :subject => 'test_own', :description => 'IssueTest#test_own', :estimated_hours => '5:30') |
|
111 |
assert issue.save |
|
112 |
issue.reload |
|
113 |
# Test for user, with "View_issue" |
|
114 |
assert_equal true, issue.visible?(User.find(8)) |
|
115 |
# Test for user, without "View issue", but with "Add issue" |
|
116 |
assert_equal false, issue.visible?(user) |
|
117 |
# Test for assinged user |
|
118 |
issue.assigned_to=user |
|
119 |
assert_equal true, issue.visible?(user) |
|
120 |
# Test for watcher |
|
121 |
issue.assigned_to=nil |
|
122 |
issue.add_watcher(user) |
|
123 |
assert_equal true, issue.visible?(user) |
|
124 |
# Test for author |
|
125 |
issue = Issue.new(:project_id => 5, :tracker_id => 1, :author_id => 12, :status_id => 1, :priority => IssuePriority.all.first, :subject => 'test_own', :description => 'IssueTest#test_own', :estimated_hours => '5:30') |
|
126 |
assert issue.save |
|
127 |
issue.reload |
|
128 |
assert_equal true, issue.visible?(user) |
|
129 |
end |
|
130 | ||
108 | 131 |
def test_errors_full_messages_should_include_custom_fields_errors |
109 | 132 |
field = IssueCustomField.find_by_name('Database') |
110 | 133 |
|
redmine/test/unit/mailer_test.rb 2010-05-02 15:27:00.495894531 +0400 | ||
---|---|---|
199 | 199 |
user = User.find(9) |
200 | 200 |
Watcher.create!(:watchable => @issue, :user => user) |
201 | 201 |
Role.non_member.remove_permission!(:view_issues) |
202 |
Role.non_member.remove_permission!(:add_issues) |
|
202 | 203 |
assert Mailer.deliver_issue_add(@issue) |
203 | 204 |
assert !last_email.bcc.include?(user.mail) |
204 | 205 |
end |