Merged r14450 (#20206).

git-svn-id: http://svn.redmine.org/redmine/branches/3.1-stable@14453 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/models/project.rb b/app/models/project.rb
index 7c4ac351663b1e23bff234101aff3e0ba43ee728..4a54b221085f81cf57060f8fc93352f363a26d87 100644 (file)
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -188,7 +188,11 @@ class Project < ActiveRecord::Base
       unless options[:member]
         role = user.builtin_role
         if role.allowed_to?(permission)
-          statement_by_role[role] = "#{Project.table_name}.is_public = #{connection.quoted_true}"
+          s = "#{Project.table_name}.is_public = #{connection.quoted_true}"
+          if user.id
+            s = "(#{s} AND #{Project.table_name}.id NOT IN (SELECT project_id FROM #{Member.table_name} WHERE user_id = #{user.id}))"
+          end
+          statement_by_role[role] = s
         end
       end
       user.projects_by_role.each do |role, projects|

diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb
index bf4d494923044b4360c15190c6b8b0e453638d6d..9a8afd66d7902c4ab6f7f4f7badd363daeb8b1b7 100644 (file)
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -310,6 +310,15 @@ class IssueTest < ActiveSupport::TestCase
     assert_visibility_match user, issues
   end
 
+  def test_visible_scope_for_member_without_view_issues_permission_and_non_member_role_having_the_permission
+    Role.non_member.add_permission!(:view_issues)
+    Role.find(1).remove_permission!(:view_issues)
+    user = User.find(2)
+
+    assert_equal 0, Issue.where(:project_id => 1).visible(user).count
+    assert_equal false, Issue.where(:project_id => 1).first.visible?(user)
+  end
+
   def test_visible_scope_for_member_with_groups_should_return_assigned_issues
     user = User.find(8)
     assert user.groups.any?