From 54856b46996e96ebbb3a3f83e291f581c90319d9 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Sun, 13 Mar 2016 08:20:37 +0000 Subject: [PATCH] Merged r15223 and r15225 (#22127). git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15230 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/models/issue.rb | 11 ++++++++ test/functional/issues_controller_test.rb | 20 +++++++------ test/unit/issue_test.rb | 34 +++++++++++++++++++++++ 3 files changed, 56 insertions(+), 9 deletions(-) diff --git a/app/models/issue.rb b/app/models/issue.rb index 59cb3c17a..4e0c7ec27 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -495,6 +495,17 @@ class Issue < ActiveRecord::Base if new_record? && !statuses_allowed.include?(status) self.status = statuses_allowed.first || default_status end + if (u = attrs.delete('assigned_to_id')) && safe_attribute?('assigned_to_id') + if u.blank? + self.assigned_to_id = nil + else + u = u.to_i + if assignable_users.any?{|assignable_user| assignable_user.id == u} + self.assigned_to_id = u + end + end + end + attrs = delete_unsafe_attributes(attrs, user) return if attrs.empty? diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb index 6729d0604..3cbe1abdc 100644 --- a/test/functional/issues_controller_test.rb +++ b/test/functional/issues_controller_test.rb @@ -3860,13 +3860,15 @@ class IssuesControllerTest < ActionController::TestCase @request.session[:user_id] = 2 # update issues assignee - post :bulk_update, :ids => [1, 2], :notes => 'Bulk editing', - :issue => {:priority_id => '', - :assigned_to_id => group.id, - :custom_field_values => {'2' => ''}} - - assert_response 302 - assert_equal [group, group], Issue.where(:id => [1, 2]).collect {|i| i.assigned_to} + with_settings :issue_group_assignment => '1' do + post :bulk_update, :ids => [1, 2], :notes => 'Bulk editing', + :issue => {:priority_id => '', + :assigned_to_id => group.id, + :custom_field_values => {'2' => ''}} + + assert_response 302 + assert_equal [group, group], Issue.where(:id => [1, 2]).collect {|i| i.assigned_to} + end end def test_bulk_update_on_different_projects @@ -4250,7 +4252,7 @@ class IssuesControllerTest < ActionController::TestCase assert_no_difference 'Project.find(1).issues.count' do post :bulk_update, :ids => [1, 2], :copy => '1', :issue => { - :project_id => '2', :tracker_id => '', :assigned_to_id => '4', + :project_id => '2', :tracker_id => '', :assigned_to_id => '2', :status_id => '1', :start_date => '2009-12-01', :due_date => '2009-12-31' } end @@ -4260,7 +4262,7 @@ class IssuesControllerTest < ActionController::TestCase assert_equal 2, copied_issues.size copied_issues.each do |issue| assert_equal 2, issue.project_id, "Project is incorrect" - assert_equal 4, issue.assigned_to_id, "Assigned to is incorrect" + assert_equal 2, issue.assigned_to_id, "Assigned to is incorrect" assert_equal 1, issue.status_id, "Status is incorrect" assert_equal '2009-12-01', issue.start_date.to_s, "Start date is incorrect" assert_equal '2009-12-31', issue.due_date.to_s, "Due date is incorrect" diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb index 468a3f44f..577bd789a 100644 --- a/test/unit/issue_test.rb +++ b/test/unit/issue_test.rb @@ -790,6 +790,40 @@ class IssueTest < ActiveSupport::TestCase assert_nil issue.custom_field_value(cf2) end + def test_safe_attributes_should_ignore_unassignable_assignee + issue = Issue.new(:project_id => 1, :tracker_id => 1, :author_id => 3, + :status_id => 1, :priority => IssuePriority.all.first, + :subject => 'test_create') + assert issue.valid? + + # locked user, not allowed + issue.safe_attributes=({'assigned_to_id' => '5'}) + assert_nil issue.assigned_to_id + # no member + issue.safe_attributes=({'assigned_to_id' => '1'}) + assert_nil issue.assigned_to_id + # user 2 is ok + issue.safe_attributes=({'assigned_to_id' => '2'}) + assert_equal 2, issue.assigned_to_id + assert issue.save + + issue.reload + assert_equal 2, issue.assigned_to_id + issue.safe_attributes=({'assigned_to_id' => '5'}) + assert_equal 2, issue.assigned_to_id + issue.safe_attributes=({'assigned_to_id' => '1'}) + assert_equal 2, issue.assigned_to_id + # user 3 is also ok + issue.safe_attributes=({'assigned_to_id' => '3'}) + assert_equal 3, issue.assigned_to_id + assert issue.save + + # removal of assignee + issue.safe_attributes=({'assigned_to_id' => ''}) + assert_nil issue.assigned_to_id + assert issue.save + end + def test_editable_custom_field_values_should_return_non_readonly_custom_values cf1 = IssueCustomField.create!(:name => 'Writable field', :field_format => 'string', :is_for_all => true, :tracker_ids => [1, 2]) -- 2.39.5