https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292012-11-01T12:27:59ZRedmineRedmine - Defect #12286: Emails of private notes are sent to watcher users regardless of viewing permissionshttps://www.redmine.org/issues/12286?journal_id=425952012-11-01T12:27:59ZRicardo S
<ul></ul><p>The affected version is <strong>Redmine 2.1.2.devel.10772</strong><br />The rails version is <strong>Rails 3.2.8</strong></p> Redmine - Defect #12286: Emails of private notes are sent to watcher users regardless of viewing permissionshttps://www.redmine.org/issues/12286?journal_id=426112012-11-02T09:34:17ZArjen van der Veen
<ul></ul><p>I tried the proposed solution and it works for me. Thank you!</p> Redmine - Defect #12286: Emails of private notes are sent to watcher users regardless of viewing permissionshttps://www.redmine.org/issues/12286?journal_id=426192012-11-02T11:07:05ZDaniel Felix
<ul></ul><p>Testet with revision 10781 and works for me.</p> Redmine - Defect #12286: Emails of private notes are sent to watcher users regardless of viewing permissionshttps://www.redmine.org/issues/12286?journal_id=426242012-11-02T12:27:07ZRicardo S
<ul></ul><p>Daniel, make sure you do the following steps:</p>
<ol>
<li>Login as user <strong>U1</strong></li>
<li>Assign an user <strong>U2</strong> as a watcher on a issue <strong>I</strong> of project <strong>P</strong> (user <strong>U2</strong> must not have permission to view private notes on that project <strong>P</strong>)</li>
<li>Write a private note on issue <strong>I</strong></li>
</ol>
<p>User <strong>U2</strong> now receives a notification email when it shouldn't.</p>
<p>On <a class="changeset" title="Fixed test/unit/issue_category_test.rb breaking when run alone (#12285)" href="https://www.redmine.org/projects/redmine/repository/svn/revisions/10781">r10781</a>, neither <strong>Mailer</strong> nor <strong>ActsAsWatchable</strong> are fixed so you should still be able to reproduce it:<br /><pre><code class="ruby syntaxhl"><span class="mi">65</span><span class="o">|</span> <span class="n">recipients</span> <span class="o">=</span> <span class="n">journal</span><span class="p">.</span><span class="nf">recipient</span> <span class="c1"># Assigns author, assignee selecting those who can view private_notes</span>
<span class="mi">66</span><span class="o">|</span> <span class="c1"># Watchers in cc</span>
<span class="mi">67</span><span class="o">|</span> <span class="n">cc</span> <span class="o">=</span> <span class="n">issue</span><span class="p">.</span><span class="nf">watcher_recipients</span> <span class="o">-</span> <span class="n">recipients</span> <span class="c1"># watcher_recipients selects all the watchers that can view</span>
<span class="c1"># the issue without rejecting those who can't view private notes</span>
</code></pre></p>
<p>Here's a correction on my solution (I forgot to filter the watchers like it is done on ActsAsWatchable):<br /><pre><code class="ruby syntaxhl"><span class="n">recipients</span> <span class="o">=</span> <span class="n">journal</span><span class="p">.</span><span class="nf">recipients</span>
<span class="n">watchers</span> <span class="o">=</span> <span class="n">journal</span><span class="p">.</span><span class="nf">journalized</span><span class="p">.</span><span class="nf">watcher_users</span><span class="p">.</span><span class="nf">active</span>
<span class="n">watchers</span><span class="p">.</span><span class="nf">reject!</span> <span class="p">{</span><span class="o">|</span><span class="n">user</span><span class="o">|</span> <span class="n">user</span><span class="p">.</span><span class="nf">mail_notification</span> <span class="o">==</span> <span class="s1">'none'</span> <span class="o">||</span> <span class="o">!</span><span class="n">journal</span><span class="p">.</span><span class="nf">visible?</span><span class="p">(</span><span class="n">user</span><span class="p">)}</span>
<span class="n">cc</span> <span class="o">=</span> <span class="n">watchers</span><span class="p">.</span><span class="nf">collect</span><span class="p">(</span><span class="o">&</span><span class="ss">:mail</span><span class="p">).</span><span class="nf">compact</span> <span class="o">-</span> <span class="n">recipients</span>
</code></pre></p> Redmine - Defect #12286: Emails of private notes are sent to watcher users regardless of viewing permissionshttps://www.redmine.org/issues/12286?journal_id=426262012-11-02T14:20:32ZDaniel Felix
<ul></ul><p>Ricardo S wrote:</p>
<blockquote>
<p>On <a class="changeset" title="Fixed test/unit/issue_category_test.rb breaking when run alone (#12285)" href="https://www.redmine.org/projects/redmine/repository/svn/revisions/10781">r10781</a>, neither <strong>Mailer</strong> nor <strong>ActsAsWatchable</strong> are fixed so you should still be able to reproduce it:</p>
</blockquote>
<p>Hi Ricardo,</p>
<p>well I meaned that your patch worked for me. Sorry for the missleading note.</p>
<p>I've tried your patch in this revision and it worked for me (it fixes the descripted problem). ;-)</p> Redmine - Defect #12286: Emails of private notes are sent to watcher users regardless of viewing permissionshttps://www.redmine.org/issues/12286?journal_id=426612012-11-05T14:15:13ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Confirmed</i></li><li><strong>Assignee</strong> set to <i>Jean-Philippe Lang</i></li></ul> Redmine - Defect #12286: Emails of private notes are sent to watcher users regardless of viewing permissionshttps://www.redmine.org/issues/12286?journal_id=426622012-11-05T14:25:59ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Target version</strong> set to <i>2.2.0</i></li></ul> Redmine - Defect #12286: Emails of private notes are sent to watcher users regardless of viewing permissionshttps://www.redmine.org/issues/12286?journal_id=426682012-11-05T16:22:06ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>Confirmed</i> to <i>Closed</i></li><li><strong>Affected version (unused)</strong> set to <i>devel</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>Fixed with test in <a class="changeset" title="Fixed that watchers receive notifications for private comments without permission (#12286)." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/10789">r10789</a>, thanks for pointing this out.</p>