redmine_own_v.2.patch - Redmine

redmine/app/controllers/issues_controller.rb 2010-10-08 12:16:20.337725004 +0400
97	97	end
98	98
99	99	def show
	100	return render_403 if !@issue.visible?
100	101	@journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
101	102	@journals.each_with_index {\|j,i\| j.indice = i+1}
102	103	@journals.reverse! if User.current.wants_comments_in_reverse_order?

       after_destroy :update_parent_attributes
       # Returns true if usr or current user is allowed to view the issue
       def visible?(usr=nil)
         (usr || User.current).allowed_to?(:view_issues, self.project)
       def visible?(user=User.current)
         user.allowed_to?(:view_issues, self.project) || user.allowed_to?(:add_issues, self.project) && (author == user || assigned_to == user || watched_by?(user))
       end
       def after_initialize

         group_by_column.groupable
       end
       def project_statement
       def project_statement(own=nil)
         project_clauses = []
         if project && !@project.descendants.active.empty?
           ids = [project.id]
-...
         elsif project
           project_clauses << "#{Project.table_name}.id = %d" % project.id
         end
         project_clauses <<  Project.allowed_to_condition(User.current, :view_issues)
         if own
           wt = Watcher.table_name
           uc = User.current.id.to_s
           project_clauses << '('+Project.allowed_to_condition(User.current, :view_issues)+' OR '+Project.allowed_to_condition(User.current, :add_issues)+
             " AND (#{Issue.table_name}.author_id=#{uc} OR "+
                   "#{Issue.table_name}.assigned_to_id=#{uc} OR "+
                   "#{Issue.table_name}.id IN (SELECT #{wt}.watchable_id FROM #{wt} WHERE #{wt}.watchable_type='Issue' AND user_id=#{uc}))"+")"
         else
           project_clauses << Project.allowed_to_condition(User.current, :view_issues)
         end
         project_clauses.join(' AND ')
       end
-...
         end if filters and valid?
         (filters_clauses << project_statement).join(' AND ')
         (filters_clauses << project_statement(true)).join(' AND ')
       end
       # Returns the issue count

           roles = roles_for_project(project)
           return false unless roles
           roles.detect {|role| (context.is_public? || role.member?) && role.allowed_to?(action)}
           roles.any? {|role| (context.is_public? || role.member?) && role.allowed_to?(action)}
         elsif options[:global]
           # Admin users are always authorized
-...
           # authorize if user has at least one role that has this permission
           roles = memberships.collect {|m| m.roles}.flatten.uniq
           roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
           roles.any? {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
         else
           false
         end

     # Permissions
     Redmine::AccessControl.map do |map|
       map.permission :view_project, {:projects => [:show], :activities => [:index]}, :public => true
       map.permission :view_project, {:projects => [:show]}, :public => true
       map.permission :search_project, {:search => :index}, :public => true
       map.permission :add_project, {:projects => [:new, :create]}, :require => :loggedin
       map.permission :edit_project, {:projects => [:settings, :edit, :update]}, :require => :member
-...
         map.permission :manage_categories, {:projects => :settings, :issue_categories => [:new, :edit, :destroy]}, :require => :member
         # Issues
         map.permission :view_issues, {:issues => [:index, :show],
                                       :activities => [:index],
                                       :auto_complete => [:issues],
                                       :context_menus => [:issues],
                                       :versions => [:index, :show, :status_by],
                                       :journals => :index,
                                       :queries => :index,
                                       :reports => [:issue_report, :issue_report_details]}
         map.permission :add_issues, {:issues => [:new, :create, :update_form]}
         map.permission :add_issues, {:issues => [:new, :create, :update_form, :index, :show]}
         map.permission :edit_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update, :update_form], :journals => [:new]}
         map.permission :manage_issue_relations, {:issue_relations => [:new, :destroy]}
         map.permission :manage_subtasks, {}
-...
       map.project_module :news do |map|
         map.permission :manage_news, {:news => [:new, :edit, :destroy, :destroy_comment]}, :require => :member
         map.permission :view_news, {:news => [:index, :show]}, :public => true
         map.permission :comment_news, {:comments => :create}
         map.permission :comment_news, {:activities => [:index], :comments => :create}
       end
       map.project_module :documents do |map|
-...
       map.project_module :repository do |map|
         map.permission :manage_repository, {:repositories => [:edit, :committers, :destroy]}, :require => :member
         map.permission :browse_repository, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph]
         map.permission :view_changesets, :repositories => [:show, :revisions, :revision]
         map.permission :browse_repository, {:activities => [:index], :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph]}
         map.permission :view_changesets, {:activities => [:index], :repositories => [:show, :revisions, :revision]}
         map.permission :commit_access, {}
       end
       map.project_module :boards do |map|
         map.permission :manage_boards, {:boards => [:new, :edit, :destroy]}, :require => :member
         map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true
         map.permission :add_messages, {:messages => [:new, :reply, :quote]}
         map.permission :add_messages, {:activities => [:index], :messages => [:new, :reply, :quote]}
         map.permission :edit_messages, {:messages => :edit}, :require => :member
         map.permission :edit_own_messages, {:messages => :edit}, :require => :loggedin
         map.permission :delete_messages, {:messages => :destroy}, :require => :member

       category_id:
       description: This is an issue of a private subproject of cookbook
       tracker_id: 1
       assigned_to_id:
       assigned_to_id: 12
       author_id: 2
       status_id: 1
       start_date: <%= Date.today.to_s(:db) %>
       due_date: <%= 1.days.from_now.to_date.to_s(:db) %>
       root_id: 6
       lft: 1
       rgt: 2
-...
       root_id: 13
       lft: 1
       rgt: 2
     issues_014:
       created_on: <%= 5.days.ago.to_date.to_s(:db) %>
       project_id: 5
       updated_on: <%= 2.days.ago.to_date.to_s(:db) %>
       priority_id: 5
       subject: Test own message
       id: 14
       fixed_version_id:
       category_id:
       description: Test own message
       tracker_id: 1
       assigned_to_id:
       author_id: 12
       status_id: 1
       root_id: 14
       lft: 1
       rgt: 2

       role_id: 2
       member_id: 10
       inherited_from: 10
     member_roles_012:
       id: 12
       role_id: 6
       member_id: 11
       inherited_from: 11

       project_id: 2
       user_id: 8
       mail_notification: false
     members_011:
       id: 11
       created_on: 2006-07-19 19:35:33 +02:00
       project_id: 5
       user_id: 12
       mail_notification: false

         - :view_changesets
       position: 5
     roles_006:
       name: Reporter2
       id: 6
       builtin: 0
       permissions: |
         ---
         - :add_issues
       position: 6

       id: 11
       lastname: B Team
       type: Group
     users_012:
       id: 12
       created_on: 2006-07-19 19:33:19 +02:00
       status: 1
       last_login_on:
       language: 'ru'
       hashed_password: 1
       updated_on: 2006-07-19 19:33:19 +02:00
       admin: false
       mail: vasia@foo.bar
       lastname: Vasia
       firstname: Pupkin
       auth_source_id:
       mail_notification: false
       login: vasia
       type: User

       watchable_type: Issue
       watchable_id: 2
       user_id: 1
     watchers_004:
       watchable_type: Issue
       watchable_id: 9
       user_id: 12

       def test_show_should_deny_member_access_without_permission
         Role.find(1).remove_permission!(:view_issues)
         Role.find(1).remove_permission!(:add_issues)
         @request.session[:user_id] = 2
         get :show, :id => 1
         assert_response 403
-...
         assert_not_nil assigns(:issue)
       end
       def test_show_own_issue_by_author
         @request.session[:user_id] = 12
         get :show, :id => 14
         assert_response :success
       end
       def test_show_own_issue_by_assigned
         @request.session[:user_id] = 12
         get :show, :id => 6
         assert_response :success
       end
       def test_show_own_issue_by_watcher
         @request.session[:user_id] = 12
         get :show, :id => 9
         assert_response :success
       end
       def test_show_should_deny_access_without_permission
         @request.session[:user_id] = 12
         get :show, :id => 10
         assert_response 403
       end
       def test_get_new
         @request.session[:user_id] = 2
         get :new, :project_id => 1, :tracker_id => 1

     require File.dirname(__FILE__) + '/../test_helper'
     class AttachmentTest < ActiveSupport::TestCase
       fixtures :issues, :users
       fixtures :issues, :users, :watchers
       def setup
       end
-...
           end
         end
       end
       def test_visible_file_for_issue
         # Set "Add issue", unset "View issue" on default for user #12
         # author
         a = Attachment.new(:container => Issue.find(14), :file => uploaded_test_file("testfile.txt", ""), :author => User.find(2))
         assert a.save
         assert_equal true, a.visible?(User.find(12))
         # assigned to
         a = Attachment.new(:container => Issue.find(6), :file => uploaded_test_file("testfile.txt", ""), :author => User.find(2))
         assert a.save
         assert_equal true, a.visible?(User.find(12))
         # watcher
         a = Attachment.new(:container => Issue.find(9), :file => uploaded_test_file("testfile.txt", ""), :author => User.find(2))
         assert a.save
         assert_equal true, a.visible?(User.find(12))
         # other
         a = Attachment.new(:container => Issue.find(10), :file => uploaded_test_file("testfile.txt", ""), :author => User.find(2))
         assert a.save
         assert_equal false, a.visible?(User.find(12))
         Role.find(6).add_permission!(:view_issues)
         assert_equal true, a.visible?(User.find(12))
       end
     end

         assert issues.detect {|issue| !issue.project.is_public?}
       end
       def test_visible
         user=User.find(12)
         issue = Issue.new(:project_id => 5, :tracker_id => 1, :author_id => 2, :status_id => 1, :priority => IssuePriority.all.first, :subject => 'test_own', :description => 'IssueTest#test_own', :estimated_hours => '5:30')
         assert issue.save
         issue.reload
         # Test for user, with "View_issue"
         assert_equal true, issue.visible?(User.find(8))
         # Test for user, without "View issue", but with "Add issue"
         assert_equal false, issue.visible?(user)
         # Test for assinged user
         issue.assigned_to=user
         assert_equal true, issue.visible?(user)
         # Test for watcher
         issue.assigned_to=nil
         issue.add_watcher(user)
         assert_equal true, issue.visible?(user)
         # Test for author
         issue = Issue.new(:project_id => 5, :tracker_id => 1, :author_id => 12, :status_id => 1, :priority => IssuePriority.all.first, :subject => 'test_own', :description => 'IssueTest#test_own', :estimated_hours => '5:30')
         assert issue.save
         issue.reload
         assert_equal true, issue.visible?(user)
       end
       def test_errors_full_messages_should_include_custom_fields_errors
         field = IssueCustomField.find_by_name('Database')
-...
       test "#by_subproject" do
         groups = Issue.by_subproject(Project.find(1))
         assert_equal 2, groups.size
         assert_equal 5, groups.inject(0) {|sum, group| sum + group['total'].to_i}
         assert_equal 6, groups.inject(0) {|sum, group| sum + group['total'].to_i}
       end

redmine/test/unit/mailer_test.rb 2010-10-08 12:16:20.350722465 +0400
235	235	user = User.find(9)
236	236	Watcher.create!(:watchable => @issue, :user => user)
237	237	Role.non_member.remove_permission!(:view_issues)
	238	Role.non_member.remove_permission!(:add_issues)
238	239	assert Mailer.deliver_issue_add(@issue)
239	240	assert !last_email.bcc.include?(user.mail)
240	241	end

             end
             def attachments_visible?(user=User.current)
               user.allowed_to?(self.class.attachable_options[:view_permission], self.project)
               user.allowed_to?(self.class.attachable_options[:view_permission], self.project) || is_a?(Issue) && self.visible?(user)
             end
             def attachments_deletable?(user=User.current)

Project

General

Profile

Redmine

Feature #2653 » redmine_own_v.2.patch