Adds test to check @view_issue_watchers@ permission when filter "Watched by" (#40412).

author Marius Balteanu <marius.balteanu@zitec.com>

Sat, 11 May 2024 08:53:42 +0000 (08:53 +0000)

committer Marius Balteanu <marius.balteanu@zitec.com>

Sat, 11 May 2024 08:53:42 +0000 (08:53 +0000)
author Marius Balteanu <marius.balteanu@zitec.com>
Sat, 11 May 2024 08:53:42 +0000 (08:53 +0000)
committer Marius Balteanu <marius.balteanu@zitec.com>
Sat, 11 May 2024 08:53:42 +0000 (08:53 +0000)
diff --git a/test/unit/query_test.rb b/test/unit/query_test.rb

index 2aa10c5e99f3e6af00d22f560d4b9c157b303093..efc59d6904f82fe85e73e70bf2d431a8e766aad1 100644 (file)
--- a/test/unit/query_test.rb
+++ b/test/unit/query_test.rb
@@ -1422,6 +1422,36 @@ class QueryTest < ActiveSupport::TestCase
      assert_equal [3, 7], result.sort_by(&:id).pluck(:id)
    end
  
+  def test_filter_watched_issues_by_group_should_include_only_projects_with_permission
+    user = User.find(2)
+    group = Group.find(10)
+
+    Issue.find(4).add_watcher(group)
+    Issue.find(2).add_watcher(group)
+
+    developer = Role.find(2)
+    developer.remove_permission! :view_issue_watchers
+
+    User.current = user
+
+    query =
+      IssueQuery.new(
+        :name => '_',
+        :filters => {
+          'watcher_id' => {
+            :operator => '=',
+            :values => [group.id]
+          }
+        }
+      )
+    result = find_issues_with_query(query)
+
+    assert_not_nil result
+
+    # "Developer" role doesn't have the view_issue_watchers permission of issue's #4 project (OnlineStore).
+    assert_equal [2], result.pluck(:id)
+  end
+
    def test_filter_unwatched_issues
      User.current = User.find(1)
      query =
author	Marius Balteanu <marius.balteanu@zitec.com>
	Sat, 11 May 2024 08:53:42 +0000 (08:53 +0000)
committer	Marius Balteanu <marius.balteanu@zitec.com>
	Sat, 11 May 2024 08:53:42 +0000 (08:53 +0000)