diff --git a/app/models/issue.rb b/app/models/issue.rb index 0b8a2b2..098572b 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -131,6 +131,10 @@ class Issue < ActiveRecord::Base when 'own' user_ids = [user.id] + user.groups.map(&:id).compact "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" + when 'watched' + user_ids = [user.id] + user.groups.map(&:id).compact + watcher_select = Watcher.where(watchable_type: self.base_class.name, user_id: user.id).select(:watchable_id).to_sql + "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (#{watcher_select}))" else '1=0' end @@ -160,6 +164,8 @@ class Issue < ActiveRecord::Base !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to)) when 'own' self.author == user || user.is_or_belongs_to?(assigned_to) + when 'watched' + self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user) else false end diff --git a/app/models/role.rb b/app/models/role.rb index a307a51..3cb6c44 100644 --- a/app/models/role.rb +++ b/app/models/role.rb @@ -38,7 +38,8 @@ class Role < ActiveRecord::Base ISSUES_VISIBILITY_OPTIONS = [ ['all', :label_issues_visibility_all], ['default', :label_issues_visibility_public], - ['own', :label_issues_visibility_own] + ['own', :label_issues_visibility_own], + ['watched', :label_issues_visibility_watched] ] TIME_ENTRIES_VISIBILITY_OPTIONS = [ diff --git a/config/locales/de.yml b/config/locales/de.yml index e9be511..aeaef91 100644 --- a/config/locales/de.yml +++ b/config/locales/de.yml @@ -595,6 +595,7 @@ de: label_issues_visibility_all: Alle Tickets label_issues_visibility_own: Tickets die folgender Benutzer erstellt hat oder die ihm zugewiesen sind label_issues_visibility_public: Alle öffentlichen Tickets + label_issues_visibility_watched: "Aufgaben die folgender Benutzer beobachtet, erstellt hat oder die ihm zugewiesen sind" label_item_position: "%{position}/%{count}" label_jump_to_a_project: Zu einem Projekt springen... label_language_based: Sprachabhängig diff --git a/config/locales/en.yml b/config/locales/en.yml index 7c07adb..e1d2cae 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -916,6 +916,7 @@ en: label_issues_visibility_all: All issues label_issues_visibility_public: All non private issues label_issues_visibility_own: Issues created by or assigned to the user + label_issues_visibility_watched: Issues watched by, created by or assigned to the user label_git_report_last_commit: Report last commit for files and directories label_parent_revision: Parent label_child_revision: Child diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb index 78a0655..553e2c5 100644 --- a/test/unit/issue_test.rb +++ b/test/unit/issue_test.rb @@ -255,6 +255,13 @@ class IssueTest < ActiveSupport::TestCase assert !issue.visible?(User.anonymous) end + def test_anonymous_should_not_see_private_issues_with_issues_visibility_set_to_watched + assert Role.anonymous.update_attribute(:issues_visibility, 'watched') + issue = Issue.generate!(:author => User.anonymous, :assigned_to => User.anonymous, :is_private => true) + assert_nil Issue.where(:id => issue.id).visible(User.anonymous).first + assert !issue.visible?(User.anonymous) + end + def test_visible_scope_for_non_member user = User.find(9) assert user.projects.empty? @@ -277,6 +284,18 @@ class IssueTest < ActiveSupport::TestCase assert_visibility_match user, issues end + def test_visible_scope_for_non_member_with_watched_issues_visibility + Role.non_member.update_attribute :issues_visibility, 'watched' + issue = Issue.generate!(:project_id => 1, :tracker_id => 1, :author => User.anonymous, :subject => 'Issue by non member') + user = User.find(9) + issue.add_watcher(user) + + issues = Issue.visible(user).all + assert issues.any? + assert_nil issues.detect {|issue| !issue.watched_by?(user) } + assert_visibility_match user, issues + end + def test_visible_scope_for_non_member_without_view_issues_permissions # Non member user should not see issues without permission Role.non_member.remove_permission!(:view_issues)