Fixed: Calendar and Gantt show private subprojects even if current user is not a...

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Wed, 14 May 2008 18:01:13 +0000 (18:01 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Wed, 14 May 2008 18:01:13 +0000 (18:01 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 14 May 2008 18:01:13 +0000 (18:01 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 14 May 2008 18:01:13 +0000 (18:01 +0000)
diff --git a/app/models/project.rb b/app/models/project.rb

index 964469649c000231e17fea74434ca169b6c041b2..8c32c8562b1459518d7447d68c1cbd16361c1cc0 100644 (file)
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -73,9 +73,9 @@ class Project < ActiveRecord::Base
    
    def issues_with_subprojects(include_subprojects=false)
      conditions = nil
-    if include_subprojects && !active_children.empty?
-      ids = [id] + active_children.collect {|c| c.id}
-      conditions = ["#{Project.table_name}.id IN (#{ids.join(',')})"]
+    if include_subprojects
+      ids = [id] + child_ids
+      conditions = ["#{Project.table_name}.id IN (#{ids.join(',')}) AND #{Project.visible_by}"]
      end
      conditions ||= ["#{Project.table_name}.id = ?", id]
      # Quick and dirty fix for Rails 2 compatibility
@@ -93,6 +93,7 @@ class Project < ActiveRecord::Base
    end  
  
    def self.visible_by(user=nil)
+    user ||= User.current
      if user && user.admin?
        return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"
      elsif user && user.memberships.any?
diff --git a/test/fixtures/issues.yml b/test/fixtures/issues.yml

index 4f42d93c401cf8fba697903e390169f95a609315..48195a7b7620a96db77fb38f8a8f15b5a97cbf38 100644 (file)
--- a/test/fixtures/issues.yml
+++ b/test/fixtures/issues.yml
@@ -71,4 +71,20 @@ issues_005:
    assigned_to_id: \r
    author_id: 2\r
    status_id: 1\r
-  \r
+issues_006: \r
+  created_on: <%= 1.minute.ago.to_date.to_s(:db) %>\r
+  project_id: 5\r
+  updated_on: <%= 1.minute.ago.to_date.to_s(:db) %>\r
+  priority_id: 4\r
+  subject: Issue of a private subproject\r
+  id: 6\r
+  fixed_version_id: \r
+  category_id: \r
+  description: This is an issue of a private subproject of cookbook\r
+  tracker_id: 1\r
+  assigned_to_id: \r
+  author_id: 2\r
+  status_id: 1\r
+  start_date: <%= Date.today.to_s(:db) %>\r
+  due_date: <%= 1.days.from_now.to_date.to_s(:db) %>\r
+  
+\ No newline at end of file
diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb

index 5af7b5572ce4799e5cb7aabadaba0cb25e8b5ead..bebe96f298d53d451124fa10d67f10a493464f86 100644 (file)
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@@ -29,6 +29,7 @@ class ProjectsControllerTest < Test::Unit::TestCase
      @controller = ProjectsController.new
      @request    = ActionController::TestRequest.new
      @response   = ActionController::TestResponse.new
+    @request.session[:user_id] = nil
    end
  
    def test_index
@@ -237,11 +238,21 @@ class ProjectsControllerTest < Test::Unit::TestCase
      assert_not_nil assigns(:calendar)
    end
  
-  def test_calendar_with_subprojects
+  def test_calendar_with_subprojects_should_not_show_private_subprojects
      get :calendar, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
      assert_response :success
      assert_template 'calendar'
      assert_not_nil assigns(:calendar)
+    assert_no_tag :tag => 'a', :content => /#6/
+  end
+  
+  def test_calendar_with_subprojects_should_show_private_subprojects
+    @request.session[:user_id] = 2
+    get :calendar, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
+    assert_response :success
+    assert_template 'calendar'
+    assert_not_nil assigns(:calendar)
+    assert_tag :tag => 'a', :content => /#6/
    end
  
    def test_gantt
@@ -251,13 +262,23 @@ class ProjectsControllerTest < Test::Unit::TestCase
      assert_not_nil assigns(:events)
    end
  
-  def test_gantt_with_subprojects
+  def test_gantt_with_subprojects_should_not_show_private_subprojects
      get :gantt, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
      assert_response :success
      assert_template 'gantt.rhtml'
      assert_not_nil assigns(:events)
+    assert_no_tag :tag => 'a', :content => /#6/
    end
    
+  def test_gantt_with_subprojects_should_show_private_subprojects
+    @request.session[:user_id] = 2
+    get :gantt, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
+    assert_response :success
+    assert_template 'gantt.rhtml'
+    assert_not_nil assigns(:events)
+    assert_tag :tag => 'a', :content => /#6/
+  end
+
    def test_gantt_export_to_pdf
      get :gantt, :id => 1, :format => 'pdf'
      assert_response :success
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Wed, 14 May 2008 18:01:13 +0000 (18:01 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Wed, 14 May 2008 18:01:13 +0000 (18:01 +0000)
app/models/project.rb		patch \| blob \| history
test/fixtures/issues.yml		patch \| blob \| history
test/functional/projects_controller_test.rb		patch \| blob \| history