Feature #2653 » redmine_own_v.2.patch
redmine/app/controllers/issues_controller.rb 2010-05-02 10:11:27.212598237 +0400 | ||
---|---|---|
104 | 104 |
end |
105 | 105 |
|
106 | 106 |
def show |
107 |
return render_403 if !@issue.visible? |
|
107 | 108 |
@journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC") |
108 | 109 |
@journals.each_with_index {|j,i| j.indice = i+1} |
109 | 110 |
@journals.reverse! if User.current.wants_comments_in_reverse_order? |
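Review bot: The `visible?` guard added at the top of `show` covers only this one action, while the same patch lets `:add_issues` pass the controller-level authorization for `issues/index` and `issues/show`. Other actions that load a single issue for a role without `:view_issues` (for example `edit` and `reply`, which `:add_issue_notes` maps to in redmine.rb) do not go through this check. Consider a shared filter over those actions, such as `before_filter :check_issue_visibility, :only => [:show, :edit, :reply]` (proposed name; the existing filter list is outside this hunk). `return render_403 unless @issue.visible?` reads more naturally than `if !`, and if the controller's `deny_access` helper is available it would redirect anonymous users to login rather than return a bare 403. The body of `show` continues outside the hunk.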
redmine/app/models/issue.rb 2010-05-02 10:34:35.590504997 +0400 | ||
---|---|---|
62 | 62 |
after_save :create_journal |
63 | 63 |
|
64 | 64 |
# Returns true if usr or current user is allowed to view the issue |
65 |
def visible?(usr=nil)
|
|
66 |
(usr || User.current).allowed_to?(:view_issues, self.project)
|
|
65 |
def visible?(user=User.current)
|
|
66 |
user.allowed_to?(:view_issues, self.project) || user.allowed_to?(:add_issues, self.project) && (author == user || assigned_to == user || watched_by?(user))
|
|
67 | 67 |
end |
68 | 68 |
|
69 | 69 |
def after_initialize |
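Review bot: The new signature `visible?(user=User.current)` no longer tolerates an explicit `nil`. The old body fell back with `usr || User.current`, whereas a caller passing `nil` now reaches `nil.allowed_to?`; adding `user ||= User.current` as the first line keeps the old contract. The condition also depends on `&&` binding tighter than `||`, and since this is an access decision the grouping should be written out: `user.allowed_to?(:view_issues, project) || (user.allowed_to?(:add_issues, project) && (author == user || assigned_to == user || watched_by?(user)))`. The comment above the method still names `usr` and should state that authors, assignees and watchers holding `:add_issues` can also see the issue.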
redmine/app/models/query.rb 2010-05-05 13:15:44.608127680 +0400 | ||
---|---|---|
346 | 346 |
group_by_column.groupable |
347 | 347 |
end |
348 | 348 |
|
349 |
def project_statement |
|
349 |
def project_statement(own=nil)
|
|
350 | 350 |
project_clauses = [] |
351 | 351 |
if project && !@project.descendants.active.empty? |
352 | 352 |
ids = [project.id] |
... | ... | |
368 | 368 |
elsif project |
369 | 369 |
project_clauses << "#{Project.table_name}.id = %d" % project.id |
370 | 370 |
end |
371 |
project_clauses << Project.allowed_to_condition(User.current, :view_issues) |
|
371 |
if own |
|
372 |
wt = Watcher.table_name |
|
373 |
uc = User.current.id.to_s |
|
374 |
project_clauses << '('+Project.allowed_to_condition(User.current, :view_issues)+' OR '+Project.allowed_to_condition(User.current, :add_issues)+ |
|
375 |
" AND (#{Issue.table_name}.author_id=#{uc} OR "+ |
|
376 |
"#{Issue.table_name}.assigned_to_id=#{uc} OR "+ |
|
377 |
"#{Issue.table_name}.id IN (SELECT #{wt}.watchable_id FROM #{wt} WHERE #{wt}.watchable_type='Issue' AND user_id=#{uc}))"+")" |
|
378 |
else |
|
379 |
project_clauses << Project.allowed_to_condition(User.current, :view_issues) |
|
380 |
end |
|
372 | 381 |
project_clauses.join(' AND ') |
373 | 382 |
end |
374 | 383 | |
... | ... | |
409 | 418 |
|
410 | 419 |
end if filters and valid? |
411 | 420 |
|
412 |
(filters_clauses << project_statement).join(' AND ') |
|
421 |
(filters_clauses << project_statement(true)).join(' AND ')
|
|
413 | 422 |
end |
414 | 423 |
|
415 | 424 |
# Returns the issue count |
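Review bot: The `own` branch of `project_statement` splices `User.current.id.to_s` straight into the SQL, so a nil id would produce `author_id= OR ...` and a database error instead of failing early. The neighbouring code formats ids with `%d` (`"#{Project.table_name}.id = %d" % project.id`), and the new clause should do the same. The expression also relies on SQL's AND-before-OR precedence inside a single pair of parentheses; in an access filter the `add_issues AND (author / assignee / watcher)` group should have its own parentheses, and `user_id` in the subquery should be table-qualified. Callers that still invoke `project_statement` without the argument get the view-only filter, so any count or list built from it (outside this section) may disagree with `statement`; worth confirming.

```ruby
def project_statement(own=nil)
  # … unchanged: project / subproject clauses …
  if own
    uid = User.current.id
    it, wt = Issue.table_name, Watcher.table_name
    # %d raises on a nil id instead of emitting broken SQL
    watched = "SELECT #{wt}.watchable_id FROM #{wt} WHERE #{wt}.watchable_type = 'Issue' AND #{wt}.user_id = %d" % uid
    own_issue = "(#{it}.author_id = %d OR #{it}.assigned_to_id = %d OR #{it}.id IN (#{watched}))" % [uid, uid]
    project_clauses << "(#{Project.allowed_to_condition(User.current, :view_issues)}" +
                       " OR (#{Project.allowed_to_condition(User.current, :add_issues)} AND #{own_issue}))"
  else
    project_clauses << Project.allowed_to_condition(User.current, :view_issues)
  end
  # … unchanged: join of project_clauses …
```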
redmine/app/models/user.rb 2010-05-02 14:42:56.463242646 +0400 | ||
---|---|---|
289 | 289 |
|
290 | 290 |
roles = roles_for_project(project) |
291 | 291 |
return false unless roles |
292 |
roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
|
|
292 |
roles.any? {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
|
|
293 | 293 |
|
294 | 294 |
elsif options[:global] |
295 | 295 |
# Admin users are always authorized |
... | ... | |
297 | 297 |
|
298 | 298 |
# authorize if user has at least one role that has this permission |
299 | 299 |
roles = memberships.collect {|m| m.roles}.flatten.uniq |
300 |
roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
|
|
300 |
roles.any? {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
|
|
301 | 301 |
else |
302 | 302 |
false |
303 | 303 |
end |
redmine/lib/redmine.rb 2010-05-05 22:39:13.741931615 +0400 | ||
---|---|---|
25 | 25 | |
26 | 26 |
# Permissions |
27 | 27 |
Redmine::AccessControl.map do |map| |
28 |
map.permission :view_project, {:projects => [:show, :activity]}, :public => true
|
|
28 |
map.permission :view_project, {:projects => :show}, :public => true
|
|
29 | 29 |
map.permission :search_project, {:search => :index}, :public => true |
30 | 30 |
map.permission :add_project, {:projects => :add}, :require => :loggedin |
31 | 31 |
map.permission :edit_project, {:projects => [:settings, :edit]}, :require => :member |
... | ... | |
38 | 38 |
# Issue categories |
39 | 39 |
map.permission :manage_categories, {:projects => [:settings, :add_issue_category], :issue_categories => [:edit, :destroy]}, :require => :member |
40 | 40 |
# Issues |
41 |
map.permission :view_issues, {:projects => :roadmap,
|
|
41 |
map.permission :view_issues, {:projects => [:roadmap, :activity],
|
|
42 | 42 |
:issues => [:index, :changes, :show, :context_menu], |
43 | 43 |
:versions => [:show, :status_by], |
44 | 44 |
:queries => :index, |
45 | 45 |
:reports => :issue_report} |
46 |
map.permission :add_issues, {:issues => [:new, :update_form]} |
|
46 |
map.permission :add_issues, {:issues => [:new, :update_form, :index, :show]}
|
|
47 | 47 |
map.permission :edit_issues, {:issues => [:edit, :reply, :bulk_edit, :update_form]} |
48 | 48 |
map.permission :manage_issue_relations, {:issue_relations => [:new, :destroy]} |
49 | 49 |
map.permission :add_issue_notes, {:issues => [:edit, :reply]} |
... | ... | |
74 | 74 |
map.project_module :news do |map| |
75 | 75 |
map.permission :manage_news, {:news => [:new, :edit, :destroy, :destroy_comment]}, :require => :member |
76 | 76 |
map.permission :view_news, {:news => [:index, :show]}, :public => true |
77 |
map.permission :comment_news, {:news => :add_comment} |
|
77 |
map.permission :comment_news, {:projects => :activity, :news => :add_comment}
|
|
78 | 78 |
end |
79 | 79 | |
80 | 80 |
map.project_module :documents do |map| |
81 | 81 |
map.permission :manage_documents, {:documents => [:new, :edit, :destroy, :add_attachment]}, :require => :loggedin |
82 |
map.permission :view_documents, :documents => [:index, :show, :download] |
|
82 |
map.permission :view_documents, :projects => :activity, :documents => [:index, :show, :download]
|
|
83 | 83 |
end |
84 | 84 |
|
85 | 85 |
map.project_module :files do |map| |
86 | 86 |
map.permission :manage_files, {:projects => :add_file}, :require => :loggedin |
87 |
map.permission :view_files, :projects => :list_files, :versions => :download
|
|
87 |
map.permission :view_files, :projects => [:list_files, :activity], :versions => :download
|
|
88 | 88 |
end |
89 | 89 |
|
90 | 90 |
map.project_module :wiki do |map| |
91 | 91 |
map.permission :manage_wiki, {:wikis => [:edit, :destroy]}, :require => :member |
92 | 92 |
map.permission :rename_wiki_pages, {:wiki => :rename}, :require => :member |
93 | 93 |
map.permission :delete_wiki_pages, {:wiki => :destroy}, :require => :member |
94 |
map.permission :view_wiki_pages, :wiki => [:index, :special] |
|
94 |
map.permission :view_wiki_pages, :projects => :activity, :wiki => [:index, :special]
|
|
95 | 95 |
map.permission :view_wiki_edits, :wiki => [:history, :diff, :annotate] |
96 | 96 |
map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment] |
97 | 97 |
map.permission :delete_wiki_pages_attachments, {} |
... | ... | |
100 | 100 |
|
101 | 101 |
map.project_module :repository do |map| |
102 | 102 |
map.permission :manage_repository, {:repositories => [:edit, :committers, :destroy]}, :require => :member |
103 |
map.permission :browse_repository, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph] |
|
104 |
map.permission :view_changesets, :repositories => [:show, :revisions, :revision] |
|
103 |
map.permission :browse_repository, :projects => :activity, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph]
|
|
104 |
map.permission :view_changesets, :projects => :activity, :repositories => [:show, :revisions, :revision]
|
|
105 | 105 |
map.permission :commit_access, {} |
106 | 106 |
end |
107 | 107 | |
108 | 108 |
map.project_module :boards do |map| |
109 | 109 |
map.permission :manage_boards, {:boards => [:new, :edit, :destroy]}, :require => :member |
110 | 110 |
map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true |
111 |
map.permission :add_messages, {:messages => [:new, :reply, :quote]} |
|
111 |
map.permission :add_messages, {:projects => :activity, :messages => [:new, :reply, :quote]}
|
|
112 | 112 |
map.permission :edit_messages, {:messages => :edit}, :require => :member |
113 | 113 |
map.permission :edit_own_messages, {:messages => :edit}, :require => :loggedin |
114 | 114 |
map.permission :delete_messages, {:messages => :destroy}, :require => :member |
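Review bot: `projects/activity` is taken off the public `:view_project` permission and attached to `:add_messages` and `:comment_news`, which are write permissions, while the read permissions beside them (`:view_messages` and `:view_news`, both `:public => true`) are left without it. As written, a role that may only read boards or news loses the activity page and a role that may only post gains it. Attaching `:activity` to the view permissions would match what this same hunk does for `:view_documents`, `:view_files` and `:view_wiki_pages`. Separately, `:add_issues` now authorizes `issues/index` and `issues/show` at the controller level, so per-issue filtering rests entirely on `Issue#visible?` and `Query#statement`. A comment on that line, e.g. `# index/show are further restricted to own issues by Issue#visible? and Query#statement`, would warn whoever adds the next issues action.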
redmine/test/fixtures/issues.yml 2010-05-02 23:55:08.325150668 +0400 | ||
---|---|---|
86 | 86 |
category_id: |
87 | 87 |
description: This is an issue of a private subproject of cookbook |
88 | 88 |
tracker_id: 1 |
89 |
assigned_to_id: |
|
89 |
assigned_to_id: 12
|
|
90 | 90 |
author_id: 2 |
91 | 91 |
status_id: 1 |
92 | 92 |
start_date: <%= Date.today.to_s(:db) %> |
93 |
due_date: <%= 1.days.from_now.to_date.to_s(:db) %> |
|
94 | 93 |
issues_007: |
95 | 94 |
created_on: <%= 10.days.ago.to_date.to_s(:db) %> |
96 | 95 |
project_id: 1 |
... | ... | |
203 | 202 |
assigned_to_id: |
204 | 203 |
author_id: 2 |
205 | 204 |
status_id: 1 |
205 |
issues_014: |
|
206 |
created_on: <%= 5.days.ago.to_date.to_s(:db) %> |
|
207 |
project_id: 5 |
|
208 |
updated_on: <%= 2.days.ago.to_date.to_s(:db) %> |
|
209 |
priority_id: 5 |
|
210 |
subject: Test own message |
|
211 |
id: 14 |
|
212 |
fixed_version_id: |
|
213 |
category_id: |
|
214 |
description: Test own message |
|
215 |
tracker_id: 1 |
|
216 |
assigned_to_id: |
|
217 |
author_id: 12 |
|
218 |
status_id: 1 |
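Review bot: The `due_date` line is dropped from the existing fixture record just above `issues_007`, which looks unrelated to the new `issues_014` record and the `assigned_to_id: 12` change. Other tests that read that issue's due date (not visible on this page) could change outcome. If the removal is deliberate, explain it in the patch description; otherwise restore `due_date: <%= 1.days.from_now.to_date.to_s(:db) %>`.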
redmine/test/fixtures/member_roles.yml 2010-05-02 11:23:54.235688297 +0400 | ||
---|---|---|
47 | 47 |
role_id: 2 |
48 | 48 |
member_id: 10 |
49 | 49 |
inherited_from: 10 |
50 |
member_roles_012: |
|
51 |
id: 12 |
|
52 |
role_id: 6 |
|
53 |
member_id: 11 |
|
54 |
inherited_from: 11 |
redmine/test/fixtures/members.yml 2010-05-02 14:02:44.426675930 +0400 | ||
---|---|---|
60 | 60 |
project_id: 2 |
61 | 61 |
user_id: 8 |
62 | 62 |
mail_notification: false |
63 |
members_011: |
|
64 |
id: 11 |
|
65 |
created_on: 2006-07-19 19:35:33 +02:00 |
|
66 |
project_id: 5 |
|
67 |
user_id: 12 |
|
68 |
mail_notification: false |
redmine/test/fixtures/roles.yml 2010-05-02 11:30:00.746683471 +0400 | ||
---|---|---|
181 | 181 |
- :view_changesets |
182 | 182 | |
183 | 183 |
position: 5 |
184 |
roles_006: |
|
185 |
name: Reporter2 |
|
186 |
id: 6 |
|
187 |
builtin: 0 |
|
188 |
permissions: | |
|
189 |
--- |
|
190 |
- :add_issues |
|
191 | ||
192 |
position: 6 |
|
184 | 193 |
redmine/test/fixtures/users.yml 2010-05-02 13:37:29.807310462 +0400 | ||
---|---|---|
152 | 152 |
id: 11 |
153 | 153 |
lastname: B Team |
154 | 154 |
type: Group |
155 |
users_012: |
|
156 |
id: 12 |
|
157 |
created_on: 2006-07-19 19:33:19 +02:00 |
|
158 |
status: 1 |
|
159 |
last_login_on: |
|
160 |
language: 'ru' |
|
161 |
hashed_password: 1 |
|
162 |
updated_on: 2006-07-19 19:33:19 +02:00 |
|
163 |
admin: false |
|
164 |
mail: vasia@foo.bar |
|
165 |
lastname: Vasia |
|
166 |
firstname: Pupkin |
|
167 |
auth_source_id: |
|
168 |
mail_notification: false |
|
169 |
login: vasia |
|
170 |
type: User |
|
155 | 171 | |
156 | 172 |
|
redmine/test/fixtures/watchers.yml 2010-05-02 14:10:33.450735744 +0400 | ||
---|---|---|
11 | 11 |
watchable_type: Issue |
12 | 12 |
watchable_id: 2 |
13 | 13 |
user_id: 1 |
14 |
watchers_004: |
|
15 |
watchable_type: Issue |
|
16 |
watchable_id: 9 |
|
17 |
user_id: 12 |
|
14 | 18 |
|
redmine/test/functional/issues_controller_test.rb 2010-05-02 14:11:07.723876157 +0400 | ||
---|---|---|
411 | 411 |
|
412 | 412 |
def test_show_should_deny_member_access_without_permission |
413 | 413 |
Role.find(1).remove_permission!(:view_issues) |
414 |
Role.find(1).remove_permission!(:add_issues) |
|
414 | 415 |
@request.session[:user_id] = 2 |
415 | 416 |
get :show, :id => 1 |
416 | 417 |
assert_response 403 |
... | ... | |
458 | 459 |
assert_not_nil assigns(:issue) |
459 | 460 |
end |
460 | 461 | |
462 |
def test_show_own_issue_by_author |
|
463 |
@request.session[:user_id] = 12 |
|
464 |
get :show, :id => 14 |
|
465 |
assert_response :success |
|
466 |
end |
|
467 | ||
468 |
def test_show_own_issue_by_assigned |
|
469 |
@request.session[:user_id] = 12 |
|
470 |
get :show, :id => 6 |
|
471 |
assert_response :success |
|
472 |
end |
|
473 | ||
474 |
def test_show_own_issue_by_watcher |
|
475 |
@request.session[:user_id] = 12 |
|
476 |
get :show, :id => 9 |
|
477 |
assert_response :success |
|
478 |
end |
|
479 | ||
480 |
def test_show_should_deny_access_without_permission |
|
481 |
@request.session[:user_id] = 12 |
|
482 |
get :show, :id => 10 |
|
483 |
assert_response 403 |
|
484 |
end |
|
485 | ||
461 | 486 |
def test_get_new |
462 | 487 |
@request.session[:user_id] = 2 |
463 | 488 |
get :new, :project_id => 1, :tracker_id => 1 |
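Review bot: All four new tests exercise `show`; none covers `index`, which is where the SQL from `Query#project_statement(true)` decides what a user holding only `:add_issues` can list. Add a functional test that signs in as user 12, requests the issue list for the fixture project, and asserts that `assigns(:issues)` includes issue 14 and excludes an issue the user neither authored, is assigned to, nor watches. A case with no session (anonymous user) against `show` would also pin down the 403-versus-login behaviour of the new guard.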
redmine/test/unit/attachment_test.rb 2010-05-05 08:51:42.104691844 +0400 | ||
---|---|---|
20 | 20 |
require File.dirname(__FILE__) + '/../test_helper' |
21 | 21 | |
22 | 22 |
class AttachmentTest < ActiveSupport::TestCase |
23 |
fixtures :issues, :users |
|
23 |
fixtures :issues, :users, :watchers
|
|
24 | 24 |
|
25 | 25 |
def setup |
26 | 26 |
end |
... | ... | |
53 | 53 |
assert_equal 'f8139524ebb8f32e51976982cd20a85d', Attachment.disk_filename("test_accentué")[13..-1] |
54 | 54 |
assert_equal 'cbb5b0f30978ba03731d61f9f6d10011', Attachment.disk_filename("test_accentué.ça")[13..-1] |
55 | 55 |
end |
56 |
|
|
57 |
def test_visible_file_for_issue |
|
58 |
# Set "Add issue", unset "View issue" on default for user #12 |
|
59 |
# author |
|
60 |
a = Attachment.new(:container => Issue.find(14), :file => uploaded_test_file("testfile.txt", ""), :author => User.find(2)) |
|
61 |
assert a.save |
|
62 |
assert_equal true, a.visible?(User.find(12)) |
|
63 |
# assigned to |
|
64 |
a = Attachment.new(:container => Issue.find(6), :file => uploaded_test_file("testfile.txt", ""), :author => User.find(2)) |
|
65 |
assert a.save |
|
66 |
assert_equal true, a.visible?(User.find(12)) |
|
67 |
# watcher |
|
68 |
a = Attachment.new(:container => Issue.find(9), :file => uploaded_test_file("testfile.txt", ""), :author => User.find(2)) |
|
69 |
assert a.save |
|
70 |
assert_equal true, a.visible?(User.find(12)) |
|
71 |
# other |
|
72 |
a = Attachment.new(:container => Issue.find(10), :file => uploaded_test_file("testfile.txt", ""), :author => User.find(2)) |
|
73 |
assert a.save |
|
74 |
assert_equal false, a.visible?(User.find(12)) |
|
75 |
Role.find(6).add_permission!(:view_issues) |
|
76 |
assert_equal true, a.visible?(User.find(12)) |
|
77 |
end |
|
56 | 78 |
end |
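Review bot: `test_visible_file_for_issue` depends on role 6, on user 12's membership and on the project records, but the `fixtures` line only adds `:watchers` to `:issues, :users`. Unless the elided part of the class loads them, the result depends on what earlier tests left in the database. Declare them explicitly, e.g. `fixtures :issues, :users, :watchers, :projects, :roles, :members, :member_roles`. The test also ends with `Role.find(6).add_permission!(:view_issues)`; a short comment that this relies on fixture reloading between tests would make the mutation less surprising.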
redmine/test/unit/issue_test.rb 2010-05-02 14:50:06.631821484 +0400 | ||
---|---|---|
105 | 105 |
assert issues.detect {|issue| !issue.project.is_public?} |
106 | 106 |
end |
107 | 107 |
|
108 |
def test_visible |
|
109 |
user=User.find(12) |
|
110 |
issue = Issue.new(:project_id => 5, :tracker_id => 1, :author_id => 2, :status_id => 1, :priority => IssuePriority.all.first, :subject => 'test_own', :description => 'IssueTest#test_own', :estimated_hours => '5:30') |
|
111 |
assert issue.save |
|
112 |
issue.reload |
|
113 |
# Test for user, with "View_issue" |
|
114 |
assert_equal true, issue.visible?(User.find(8)) |
|
115 |
# Test for user, without "View issue", but with "Add issue" |
|
116 |
assert_equal false, issue.visible?(user) |
|
117 |
# Test for assinged user |
|
118 |
issue.assigned_to=user |
|
119 |
assert_equal true, issue.visible?(user) |
|
120 |
# Test for watcher |
|
121 |
issue.assigned_to=nil |
|
122 |
issue.add_watcher(user) |
|
123 |
assert_equal true, issue.visible?(user) |
|
124 |
# Test for author |
|
125 |
issue = Issue.new(:project_id => 5, :tracker_id => 1, :author_id => 12, :status_id => 1, :priority => IssuePriority.all.first, :subject => 'test_own', :description => 'IssueTest#test_own', :estimated_hours => '5:30') |
|
126 |
assert issue.save |
|
127 |
issue.reload |
|
128 |
assert_equal true, issue.visible?(user) |
|
129 |
end |
|
130 | ||
108 | 131 |
def test_errors_full_messages_should_include_custom_fields_errors |
109 | 132 |
field = IssueCustomField.find_by_name('Database') |
110 | 133 |
|
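Review bot: `test_visible` never checks the case the `&&` in `Issue#visible?` exists for: an author, assignee or watcher who has neither `:view_issues` nor `:add_issues` must get `false`. Add that negative assertion, for example after `Role.find(6).remove_permission!(:add_issues)` followed by `assert_equal false, issue.visible?(user)`. The comment `# Test for assinged user` has a typo. The `assigned_to=` changes are tested without saving, which is fine for `visible?` but deserves a one-line comment.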
redmine/test/unit/mailer_test.rb 2010-05-02 15:27:00.495894531 +0400 | ||
---|---|---|
199 | 199 |
user = User.find(9) |
200 | 200 |
Watcher.create!(:watchable => @issue, :user => user) |
201 | 201 |
Role.non_member.remove_permission!(:view_issues) |
202 |
Role.non_member.remove_permission!(:add_issues) |
|
202 | 203 |
assert Mailer.deliver_issue_add(@issue) |
203 | 204 |
assert !last_email.bcc.include?(user.mail) |
204 | 205 |
end |
redmine/vendor/plugins/acts_as_attachable/lib/acts_as_attachable.rb 2010-05-04 23:34:45.999335862 +0400 | ||
---|---|---|
42 | 42 |
end |
43 | 43 |
|
44 | 44 |
def attachments_visible?(user=User.current) |
45 |
user.allowed_to?(self.class.attachable_options[:view_permission], self.project) |
|
45 |
user.allowed_to?(self.class.attachable_options[:view_permission], self.project) || is_a?(Issue) && self.visible?(user)
|
|
46 | 46 |
end |
47 | 47 |
|
48 | 48 |
def attachments_deletable?(user=User.current) |
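Review bot: The generic `attachments_visible?` in this vendored mixin now special-cases `is_a?(Issue)`, which couples the plugin to one model and again relies on `&&`/`||` precedence in an access check. Overriding `attachments_visible?` in `Issue` to call `visible?(user)` (which, per issue.rb in this patch, already includes the `:view_issues` test) would keep the rule in one place. If it stays here, parenthesize it: `user.allowed_to?(self.class.attachable_options[:view_permission], self.project) || (is_a?(Issue) && visible?(user))`. `attachments_deletable?` below is unchanged; confirm that is intended for users who can now see the attachment only through the own-issue rule.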