Anonymous users should always see public issues only (#11872).
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Thu, 20 Sep 2012 19:26:58 +0000 (19:26 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Thu, 20 Sep 2012 19:26:58 +0000 (19:26 +0000)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@10437 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/models/issue.rb
app/models/role.rb
app/views/roles/_form.html.erb
test/functional/roles_controller_test.rb

index 5b1cfadb853544b3fdf81cd23cb475a2f69905a0..86371d5f742422df68b8e9fefbc66d74bc5be86d 100644 (file)
@@ -84,25 +84,21 @@ class Issue < ActiveRecord::Base
   # Returns a SQL conditions string used to find all issues visible by the specified user
   def self.visible_condition(user, options={})
     Project.allowed_to_condition(user, :view_issues, options) do |role, user|
-      case role.issues_visibility
-      when 'all'
-        nil
-      when 'default'
-        if user.logged?
+      if user.logged?
+        case role.issues_visibility
+        when 'all'
+          nil
+        when 'default'
           user_ids = [user.id] + user.groups.map(&:id)
           "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
-        else
-          "(#{table_name}.is_private = #{connection.quoted_false})"
-        end
-      when 'own'
-        if user.logged?
+        when 'own'
           user_ids = [user.id] + user.groups.map(&:id)
           "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
         else
           '1=0'
         end
       else
-        '1=0'
+        "(#{table_name}.is_private = #{connection.quoted_false})"
       end
     end
   end
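Review bot: Now that the 'default' and 'own' branches sit under the same `if user.logged?` guard, `user_ids = [user.id] + user.groups.map(&:id)` is built identically in both (the context lines after `when 'default'` and `when 'own'`); hoisting it once above the `case` removes the duplication and keeps the two SQL fragments in step. The block parameter `user` also shadows the method parameter of the same name on the `Project.allowed_to_condition` line, which makes it easy to misread which user the new anonymous `else` branch is testing; renaming the block parameter (e.g. `|role, u|`) would make that explicit. The ids interpolated into the condition string appear to be integer primary keys from ActiveRecord rather than request input, so a short comment saying so, `# user and group ids are integer PKs, not request data`, would save the next reader an injection audit.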
@@ -110,15 +106,19 @@ class Issue < ActiveRecord::Base
   # Returns true if usr or current user is allowed to view the issue
   def visible?(usr=nil)
     (usr || User.current).allowed_to?(:view_issues, self.project) do |role, user|
-      case role.issues_visibility
-      when 'all'
-        true
-      when 'default'
-        !self.is_private? || (user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to)))
-      when 'own'
-        user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to))
+      if user.logged?
+        case role.issues_visibility
+        when 'all'
+          true
+        when 'default'
+          !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
+        when 'own'
+          self.author == user || user.is_or_belongs_to?(assigned_to)
+        else
+          false
+        end
       else
-        false
+        !self.is_private?
       end
     end
   end
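Review bot: The `when 'default'` branch keeps a pair of parentheses left over from the removed `user.logged? && (...)` form: `!self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))` can simply be `!self.is_private? || self.author == user || user.is_or_belongs_to?(assigned_to)`. The author-or-assignee check is repeated verbatim in the 'own' branch, so a local such as `own = self.author == user || user.is_or_belongs_to?(assigned_to)` computed once under `if user.logged?` would make both branches one-liners. Since this block must mirror the SQL built by `visible_condition` (the new anonymous `else` returning `!self.is_private?` corresponds to the `is_private = false` fragment there), a comment above the block, `# Keep in sync with Issue.visible_condition`, would guard the two against drifting apart.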
index 5fd437648e753b6ad53ac37e519bf0e56598e43a..15ed0e10d5f89a26d73bd587381fa5f41a762308 100644 (file)
@@ -133,6 +133,11 @@ class Role < ActiveRecord::Base
     self.builtin != 0
   end
 
+  # Return true if the role is the anonymous role
+  def anonymous?
+    builtin == 2
+  end
+  
   # Return true if the role is a project member role
   def member?
     !self.builtin?
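Review bot: `builtin == 2` encodes the anonymous role as a bare magic number, while the neighbouring `builtin?` and `member?` methods are written in terms of `self.builtin`; if the model defines a `BUILTIN_ANONYMOUS` constant (the `Role.anonymous` finder used by the new test presumably looks the role up by this same builtin value), `builtin == BUILTIN_ANONYMOUS` would name the intent, and otherwise a comment `# 2 is the builtin value of the anonymous role` is the minimum. The added blank line after the method carries trailing whitespace (`+  `) that the rest of the hunk does not. Role's class body continues outside the hunk.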
index 8ae0a604fe2ef2ba7e9e92e3152057da244c8607..d028c2f1c6b22537d428a6da30287dae2b087b1a 100644 (file)
@@ -1,5 +1,6 @@
 <%= error_messages_for 'role' %>
 
+<% unless @role.anonymous? %>
 <div class="box tabular">
 <% unless @role.builtin? %>
 <p><%= f.text_field :name, :required => true %></p>
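Review bot: Wrapping the name/visibility box in `<% unless @role.anonymous? %>` only removes the `role[issues_visibility]` select from the rendered form; nothing in this commit shows the update action rejecting or ignoring a submitted `role[issues_visibility]` for the anonymous role (RolesController is not among the changed files), so the hidden field is a presentation choice rather than an enforcement point. Because `Issue.visible_condition` and `Issue#visible?` now ignore the setting for anonymous users a stored value is inert, but that reasoning lives in another file; a comment on the `unless`, `<%# issues_visibility is ignored for anonymous users, see Issue.visible_condition %>`, would keep the next editor from re-exposing the field believing it is honoured. The matching `<% end %>` is in the next hunk after the closing `</div>`, so the two hunks open and close the same block and must stay paired.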
@@ -11,6 +12,7 @@
 <%= select_tag(:copy_workflow_from, content_tag("option") + options_from_collection_for_select(@roles, :id, :name, params[:copy_workflow_from] || @copy_from.try(:id))) %></p>
 <% end %>
 </div>
+<% end %>
 
 <h3><%= l(:label_permissions) %></h3>
 <div class="box tabular" id="permissions">
index 868c987a6209b9bb2d1a81b76dc8c4c83b07c51e..8aa74457ab167d403c20531385f82d3836780a6c 100644 (file)
@@ -110,6 +110,14 @@ class RolesControllerTest < ActionController::TestCase
     assert_response :success
     assert_template 'edit'
     assert_equal Role.find(1), assigns(:role)
+    assert_select 'select[name=?]', 'role[issues_visibility]'
+  end
+
+  def test_edit_anonymous
+    get :edit, :id => Role.anonymous.id
+    assert_response :success
+    assert_template 'edit'
+    assert_select 'select[name=?]', 'role[issues_visibility]', 0
   end
 
   def test_edit_invalid_should_respond_with_404
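Review bot: The new assertions cover only the form (the select is present for role 1 and absent for the anonymous role), while the behavioural change of this commit is in `Issue.visible_condition` and `Issue#visible?`, and the changed-file list shows no Issue model test. A unit test that creates one private and one public issue, sets the anonymous role's `issues_visibility` to 'own', and asserts that `Issue.visible(User.anonymous)` contains the public issue but not the private one (and the same through `visible?`) would pin the "public issues only" rule the title describes, and would catch the two methods drifting apart. The surrounding test class continues outside the hunk.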