def render_api_includes(project, api)
api.array :trackers do
- project.trackers.each do |tracker|
+ project.rolled_up_trackers(false).visible.each do |tracker|
api.tracker(:id => tracker.id, :name => tracker.name)
end
end if include_in_api_response?('trackers')
assert_select 'trackers[type=array] tracker[id="2"][name="Feature request"]'
end
+ test "GET /projects/:id.xml with include=trackers should return trackers based on role-based permissioning" do
+ project = Project.find(1)
+ assert_equal [1, 2, 3], project.tracker_ids
+
+ role = Role.find(3) # Reporter
+ role.permissions_all_trackers = {'view_issues' => '0'}
+ role.permissions_tracker_ids = {'view_issues' => ['1']}
+ role.save!
+
+ user = User.find_by(:login => 'jsmith')
+ member = project.members.detect{|m| m.user == user}
+ member.roles.delete_all
+ member.role_ids = [role.id]
+ member.roles.reload
+ assert_equal [role.id], member.role_ids
+
+ get '/projects/1.xml?include=trackers', :headers => credentials(user.login)
+ assert_response :success
+ assert_equal 'application/xml', @response.content_type
+
+ assert_select 'trackers[type=array]' do
+ assert_select 'tracker[id="1"]', :count => 1
+ assert_select 'tracker[id="2"]', :count => 0
+ assert_select 'tracker[id="3"]', :count => 0
+ end
+ end
+
test "GET /projects/:id.xml with include=enabled_modules should return enabled modules" do
get '/projects/1.xml?include=enabled_modules'
assert_response :success
projects / redmine.git / commitdiff