From 41b4bc54a5e000830da5eedc6a495b9a6b2b6a1f Mon Sep 17 00:00:00 2001
From: Go MAEDA
Date: Sun, 26 Feb 2023 07:48:19 +0000
Subject: [PATCH] Disable auto watch for the anonymous user (#38238).
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Patch by Felix Schäfer.
git-svn-id: https://svn.redmine.org/redmine/trunk@22116 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/issue.rb | 4 ++--
 app/models/journal.rb | 4 ++--
 test/unit/issue_test.rb | 15 +++++++++++++++
 test/unit/journal_test.rb | 15 +++++++++++++++
 4 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 4edf4fa1b..88c808321 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -2025,8 +2025,8 @@ class Issue < ActiveRecord::Base
 end
 def add_auto_watcher
- if author &&
- author.allowed_to?(:add_issue_watchers, project) &&
+ if author&.active? &&
+ author&.allowed_to?(:add_issue_watchers, project) &&
 author.pref.auto_watch_on?('issue_created') &&
 self.watcher_user_ids.exclude?(author.id)
 self.set_watcher(author, true)
diff --git a/app/models/journal.rb b/app/models/journal.rb
index 24c02dfbd..4b4139a14 100644
--- a/app/models/journal.rb
+++ b/app/models/journal.rb
@@ -336,8 +336,8 @@ class Journal < ActiveRecord::Base
 end
 def add_watcher
- if user &&
- user.allowed_to?(:add_issue_watchers, project) &&
+ if user&.active? &&
+ user&.allowed_to?(:add_issue_watchers, project) &&
 user.pref.auto_watch_on?('issue_contributed_to') &&
 !Watcher.any_watched?(Array.wrap(journalized), user)
 journalized.set_watcher(user, true)
diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb
index 5795d2bb1..08bc50df8 100644
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
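Review bot: The new `author&.active?` guard in `add_auto_watcher` excludes more than the anonymous user named in the commit title: any author whose `active?` is false is skipped, which presumably also covers locked or not-yet-activated accounts, and nothing in the hunk records that this is intended. A comment above the condition would state the intent, for example `# Only active accounts are auto-added as watchers; this also keeps the anonymous user out of the watcher list.` The `&.` on the following line is redundant, because the first operand is only truthy when `author` is non-nil; `author.allowed_to?(:add_issue_watchers, project) &&` would match the plain `author.pref` call after it. Both points apply equally to `Journal#add_watcher` in the app/models/journal.rb hunk, and both method bodies continue outside their hunks.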
@@ -3479,6 +3479,21 @@ class IssueTest < ActiveSupport::TestCase
 end
 end
+ def test_create_should_not_add_anonymous_as_watcher
+ Role.anonymous.add_permission!(:add_issue_watchers)
+
+ user = User.anonymous
+ assert user.pref.auto_watch_on?('issue_contributed_to')
+
+ journal = Journal.new(:journalized => Issue.first, :notes => 'notes', :user => user)
+
+ assert_no_difference 'Watcher.count' do
+ assert journal.save
+ assert journal.valid?
+ assert journal.journalized.valid?
+ end
+ end
+
 def test_like_should_escape_query
 issue = Issue.generate!(:subject => "asdf")
 r = Issue.like('as_f')
diff --git a/test/unit/journal_test.rb b/test/unit/journal_test.rb
index 511b16415..373de93a2 100644
--- a/test/unit/journal_test.rb
+++ b/test/unit/journal_test.rb
@@ -142,6 +142,21 @@ class JournalTest < ActiveSupport::TestCase
 end
 end
+ def test_create_should_not_add_anonymous_as_watcher
+ Role.anonymous.add_permission!(:add_issue_watchers)
+
+ user = User.anonymous
+ assert user.pref.auto_watch_on?('issue_contributed_to')
+
+ journal = Journal.new(:journalized => Issue.first, :notes => 'notes', :user => user)
+
+ assert_no_difference 'Watcher.count' do
+ assert journal.save
+ assert journal.valid?
+ assert journal.journalized.valid?
+ end
+ end
+
 def test_visible_scope_for_anonymous
 # Anonymous user should see issues of public projects only
 journals = Journal.visible(User.anonymous).to_a
--
2.39.5
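Review bot: The test added to `IssueTest` does not exercise `Issue#add_auto_watcher`: it builds a `Journal` and checks the `'issue_contributed_to'` preference, so it duplicates the test added in the test/unit/journal_test.rb hunk and leaves the `'issue_created'` path changed in app/models/issue.rb uncovered. The permission guard for the anonymous author on issue creation is therefore unverified by this commit. The body should instead assert `user.pref.auto_watch_on?('issue_created')` and create an issue authored by the anonymous user inside the count check, for example `assert_no_difference('Watcher.count') { Issue.generate!(:author => user) }`, assuming the `Issue.generate!` helper seen in the neighbouring test accepts an anonymous author. In both tests `assert journal.valid?` after a successful `assert journal.save` adds no further check and could be dropped.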