Merged r22819 and r22820 to 5.1-stable (#40412).

author Marius Balteanu <marius.balteanu@zitec.com>

Sun, 12 May 2024 07:42:23 +0000 (07:42 +0000)

committer Marius Balteanu <marius.balteanu@zitec.com>

Sun, 12 May 2024 07:42:23 +0000 (07:42 +0000)
author Marius Balteanu <marius.balteanu@zitec.com>
Sun, 12 May 2024 07:42:23 +0000 (07:42 +0000)
committer Marius Balteanu <marius.balteanu@zitec.com>
Sun, 12 May 2024 07:42:23 +0000 (07:42 +0000)
diff --git a/app/models/issue_query.rb b/app/models/issue_query.rb

index bede78575f7c9a99b980e26ffd55f334faf944ff..d368dbe17d3876ed6439aa3a7f7b76543d785dfa 100644 (file)
--- a/app/models/issue_query.rb
+++ b/app/models/issue_query.rb
@@ -521,7 +521,9 @@ class IssueQuery < Query
  
    def sql_for_watcher_id_field(field, operator, value)
      db_table = Watcher.table_name
-    me, others = value.partition {|id| ['0', User.current.id.to_s].include?(id)}
+    me_ids = [0, User.current.id]
+    me_ids = me_ids.concat(User.current.groups.pluck(:id))
+    me, others = value.partition {|id| me_ids.include?(id.to_i)}
      sql =
        if others.any?
          "SELECT #{Issue.table_name}.id FROM #{Issue.table_name} " +
diff --git a/test/unit/query_test.rb b/test/unit/query_test.rb

index 1b687ed2ba250a68082c2202a1ab3e2a5638f4df..c8ba72cad888f501e3f6aa341faf8988dccd78f4 100644 (file)
--- a/test/unit/query_test.rb
+++ b/test/unit/query_test.rb
@@ -1376,7 +1376,7 @@ class QueryTest < ActiveSupport::TestCase
      assert_equal Project.where(parent_id: bookmarks).ids, result.map(&:id).sort
    end
  
-  def test_filter_watched_issues
+  def test_filter_watched_issues_by_user
      User.current = User.find(1)
      query =
        IssueQuery.new(
@@ -1384,7 +1384,7 @@ class QueryTest < ActiveSupport::TestCase
          :filters => {
            'watcher_id' => {
              :operator => '=',
-            :values => ['me']
+            :values => [User.current.id]
            }
          }
        )
@@ -1394,13 +1394,17 @@ class QueryTest < ActiveSupport::TestCase
      assert_equal Issue.visible.watched_by(User.current).sort_by(&:id), result.sort_by(&:id)
    end
  
-  def test_filter_watched_issues_with_groups_also
+  def test_filter_watched_issues_by_me_should_include_user_groups
      user = User.find(2)
      group = Group.find(10)
      group.users << user
      Issue.find(3).add_watcher(user)
      Issue.find(7).add_watcher(group)
+    manager = Role.find(1)
+    # view_issue_watchers permission is not required to see watched issues by current user or user groups
+    manager.remove_permission! :view_issue_watchers
      User.current = user
+
      query =
        IssueQuery.new(
          :name => '_',
@@ -1412,11 +1416,42 @@ class QueryTest < ActiveSupport::TestCase
          }
        )
      result = find_issues_with_query(query)
+
      assert_not_nil result
      assert !result.empty?
      assert_equal [3, 7], result.sort_by(&:id).pluck(:id)
    end
  
+  def test_filter_watched_issues_by_group_should_include_only_projects_with_permission
+    user = User.find(2)
+    group = Group.find(10)
+
+    Issue.find(4).add_watcher(group)
+    Issue.find(2).add_watcher(group)
+
+    developer = Role.find(2)
+    developer.remove_permission! :view_issue_watchers
+
+    User.current = user
+
+    query =
+      IssueQuery.new(
+        :name => '_',
+        :filters => {
+          'watcher_id' => {
+            :operator => '=',
+            :values => [group.id]
+          }
+        }
+      )
+    result = find_issues_with_query(query)
+
+    assert_not_nil result
+
+    # "Developer" role doesn't have the view_issue_watchers permission of issue's #4 project (OnlineStore).
+    assert_equal [2], result.pluck(:id)
+  end
+
    def test_filter_unwatched_issues
      User.current = User.find(1)
      query =
author	Marius Balteanu <marius.balteanu@zitec.com>
	Sun, 12 May 2024 07:42:23 +0000 (07:42 +0000)
committer	Marius Balteanu <marius.balteanu@zitec.com>
	Sun, 12 May 2024 07:42:23 +0000 (07:42 +0000)
app/models/issue_query.rb		patch \| blob \| history
test/unit/query_test.rb		patch \| blob \| history