From 22165fd071227de3f893319974d8568b2fb8ebc1 Mon Sep 17 00:00:00 2001
From: Go MAEDA <maeda@farend.jp>
Date: Sat, 24 Aug 2019 08:50:17 +0000
Subject: [PATCH] Per role visibility settings for version custom fields
 (#23997).
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Patch by Jens KrÃ¤mer and Marius BALTEANU.


git-svn-id: http://svn.redmine.org/redmine/trunk@18386 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/version.rb                         |  7 +++++++
 app/models/version_custom_field.rb            |  4 ++++
 app/views/custom_fields/_form.html.erb        |  2 +-
 app/views/versions/_form.html.erb             |  2 +-
 app/views/versions/index.api.rsb              |  2 +-
 app/views/versions/show.api.rsb               |  2 +-
 .../custom_fields_controller_test.rb          | 20 +++++++++++++++++++
 7 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/app/models/version.rb b/app/models/version.rb
index dce03c9de..e538f21b3 100644
--- a/app/models/version.rb
+++ b/app/models/version.rb
@@ -168,6 +168,13 @@ class Version < ActiveRecord::Base
     user.allowed_to?(:view_issues, self.project)
   end
 
+  def visible_custom_field_values(user = nil)
+    user ||= User.current
+    custom_field_values.select do |value|
+      value.custom_field.visible_by?(project, user)
+    end
+  end
+
   # Version files have same visibility as project files
   def attachments_visible?(*args)
     project.present? && project.attachments_visible?(*args)
diff --git a/app/models/version_custom_field.rb b/app/models/version_custom_field.rb
index 238649c7c..d9034e06f 100644
--- a/app/models/version_custom_field.rb
+++ b/app/models/version_custom_field.rb
@@ -21,4 +21,8 @@ class VersionCustomField < CustomField
   def type_name
     :label_version_plural
   end
+
+  def visible_by?(project, user=User.current)
+    super || (roles & user.roles_for_project(project)).present?
+  end
 end
diff --git a/app/views/custom_fields/_form.html.erb b/app/views/custom_fields/_form.html.erb
index deb000297..a7af54a07 100644
--- a/app/views/custom_fields/_form.html.erb
+++ b/app/views/custom_fields/_form.html.erb
@@ -53,7 +53,7 @@
     <%= call_hook(:"view_custom_fields_form_#{@custom_field.type.to_s.underscore}", :custom_field => @custom_field, :form => f) %>
   </div>
 
-  <% if %w(IssueCustomField TimeEntryCustomField ProjectCustomField).include?(@custom_field.class.name) %>
+  <% if %w(IssueCustomField TimeEntryCustomField ProjectCustomField VersionCustomField).include?(@custom_field.class.name) %>
     <%= render :partial => 'visibility_by_role_selector', :locals => { :f => f } %>
   <% end %>
 
diff --git a/app/views/versions/_form.html.erb b/app/views/versions/_form.html.erb
index 58d3e336a..62119769b 100644
--- a/app/views/versions/_form.html.erb
+++ b/app/views/versions/_form.html.erb
@@ -14,7 +14,7 @@
 <p><%= f.check_box :default_project_version, :label => :field_default_version %></p>
 <% end %>
 
-<% @version.custom_field_values.each do |value| %>
+<% @version.visible_custom_field_values.each do |value| %>
   <p><%= custom_field_tag_with_label :version, value %></p>
 <% end %>
 
diff --git a/app/views/versions/index.api.rsb b/app/views/versions/index.api.rsb
index 98f9425de..65354554f 100644
--- a/app/views/versions/index.api.rsb
+++ b/app/views/versions/index.api.rsb
@@ -11,7 +11,7 @@ api.array :versions, api_meta(:total_count => @versions.size) do
       api.sharing         version.sharing
       api.wiki_page_title version.wiki_page_title
 
-      render_api_custom_values version.custom_field_values, api
+      render_api_custom_values version.visible_custom_field_values, api
 
       api.created_on version.created_on
       api.updated_on version.updated_on
diff --git a/app/views/versions/show.api.rsb b/app/views/versions/show.api.rsb
index 96edb6b57..345ec56da 100644
--- a/app/views/versions/show.api.rsb
+++ b/app/views/versions/show.api.rsb
@@ -9,7 +9,7 @@ api.version do
   api.sharing         @version.sharing
   api.wiki_page_title @version.wiki_page_title
 
-  render_api_custom_values @version.custom_field_values, api
+  render_api_custom_values @version.visible_custom_field_values, api
 
   api.created_on @version.created_on
   api.updated_on @version.updated_on
diff --git a/test/functional/custom_fields_controller_test.rb b/test/functional/custom_fields_controller_test.rb
index 101a4c34f..7f41888ff 100644
--- a/test/functional/custom_fields_controller_test.rb
+++ b/test/functional/custom_fields_controller_test.rb
@@ -146,6 +146,26 @@ class CustomFieldsControllerTest < Redmine::ControllerTest
     end
   end
 
+  def test_new_version_custom_field
+    get :new, :params => {
+        :type => 'VersionCustomField'
+    }
+    assert_response :success
+
+    assert_select 'form#custom_field_form' do
+      assert_select 'select#custom_field_field_format[name=?]', 'custom_field[field_format]' do
+        assert_select 'option[value=user]', :text => 'User'
+        assert_select 'option[value=version]', :text => 'Version'
+      end
+
+      # Visibility
+      assert_select 'input[type=radio][name=?]', 'custom_field[visible]', 2
+      assert_select 'input[type=checkbox][name=?]', 'custom_field[role_ids][]', 3
+
+      assert_select 'input[type=hidden][name=type][value=VersionCustomField]'
+    end
+  end
+
   def test_new_time_entry_custom_field_should_not_show_trackers_and_projects
     get :new, :params => {
         :type => 'TimeEntryCustomField'
-- 
2.39.5

