belongs_to :category, :class_name => 'IssueCategory'
has_many :journals, :as => :journalized, :dependent => :destroy, :inverse_of => :journalized
- has_many :visible_journals,
- lambda {where(["(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(User.current, :view_private_notes)}))", false])},
- :class_name => 'Journal',
- :as => :journalized
-
has_many :time_entries, :dependent => :destroy
has_and_belongs_to_many :changesets, lambda {order("#{Changeset.table_name}.committed_on ASC, #{Changeset.table_name}.id ASC")}
reorder(:created_on, :id).to_a
result.each_with_index {|j,i| j.indice = i+1}
- result.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, project)
+
+ unless user.allowed_to?(:view_private_notes, project)
+ result.select! do |journal|
+ !journal.private_notes? || journal.user == user
+ end
+ end
Journal.preload_journals_details_custom_fields(result)
result.select! {|journal| journal.notes? || journal.visible_details.any?}
result
scope :visible, lambda {|*args|
user = args.shift || User.current
+ private_notes_condition = Project.allowed_to_condition(user, :view_private_notes, *args)
joins(:issue => :project).
where(Issue.visible_condition(user, *args)).
- where("(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(user, :view_private_notes, *args)}))", false)
+ where("(#{Journal.table_name}.private_notes = ? OR #{Journal.table_name}.user_id = ? OR (#{private_notes_condition}))", false, user.id)
}
safe_attributes 'notes',
assert_select "#change-#{journal.id}", 0
end
+ def test_show_should_display_private_notes_created_by_current_user
+ User.find(3).roles_for_project(Project.find(1)).each do |role|
+ role.remove_permission! :view_private_notes
+ end
+ visible = Journal.create!(:journalized => Issue.find(2), :notes => 'Private notes', :private_notes => true, :user_id => 3)
+ not_visible = Journal.create!(:journalized => Issue.find(2), :notes => 'Private notes', :private_notes => true, :user_id => 1)
+ @request.session[:user_id] = 3
+
+ get :show, :id => 2
+ assert_response :success
+ assert_select "#change-#{visible.id}", 1
+ assert_select "#change-#{not_visible.id}", 0
+ end
+
def test_show_atom
get :show, :id => 2, :format => 'atom'
assert_response :success
projects / redmine.git / commitdiff