From 54856b46996e96ebbb3a3f83e291f581c90319d9 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sun, 13 Mar 2016 08:20:37 +0000
Subject: [PATCH] Merged r15223 and r15225 (#22127).

git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15230 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/issue.rb                       | 11 ++++++++
 test/functional/issues_controller_test.rb | 20 +++++++------
 test/unit/issue_test.rb                   | 34 +++++++++++++++++++++++
 3 files changed, 56 insertions(+), 9 deletions(-)

diff --git a/app/models/issue.rb b/app/models/issue.rb
index 59cb3c17a..4e0c7ec27 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -495,6 +495,17 @@ class Issue < ActiveRecord::Base
     if new_record? && !statuses_allowed.include?(status)
       self.status = statuses_allowed.first || default_status
     end
+    if (u = attrs.delete('assigned_to_id')) && safe_attribute?('assigned_to_id')
+      if u.blank?
+        self.assigned_to_id = nil
+      else
+        u = u.to_i
+        if assignable_users.any?{|assignable_user| assignable_user.id == u}
+          self.assigned_to_id = u
+        end
+      end
+    end
+
 
     attrs = delete_unsafe_attributes(attrs, user)
     return if attrs.empty?
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 6729d0604..3cbe1abdc 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -3860,13 +3860,15 @@ class IssuesControllerTest < ActionController::TestCase
 
     @request.session[:user_id] = 2
     # update issues assignee
-    post :bulk_update, :ids => [1, 2], :notes => 'Bulk editing',
-                                     :issue => {:priority_id => '',
-                                                :assigned_to_id => group.id,
-                                                :custom_field_values => {'2' => ''}}
-
-    assert_response 302
-    assert_equal [group, group], Issue.where(:id => [1, 2]).collect {|i| i.assigned_to}
+    with_settings :issue_group_assignment => '1' do
+      post :bulk_update, :ids => [1, 2], :notes => 'Bulk editing',
+                                       :issue => {:priority_id => '',
+                                                  :assigned_to_id => group.id,
+                                                  :custom_field_values => {'2' => ''}}
+  
+      assert_response 302
+      assert_equal [group, group], Issue.where(:id => [1, 2]).collect {|i| i.assigned_to}
+    end
   end
 
   def test_bulk_update_on_different_projects
@@ -4250,7 +4252,7 @@ class IssuesControllerTest < ActionController::TestCase
       assert_no_difference 'Project.find(1).issues.count' do
         post :bulk_update, :ids => [1, 2], :copy => '1', 
              :issue => {
-               :project_id => '2', :tracker_id => '', :assigned_to_id => '4',
+               :project_id => '2', :tracker_id => '', :assigned_to_id => '2',
                :status_id => '1', :start_date => '2009-12-01', :due_date => '2009-12-31'
              }
       end
@@ -4260,7 +4262,7 @@ class IssuesControllerTest < ActionController::TestCase
     assert_equal 2, copied_issues.size
     copied_issues.each do |issue|
       assert_equal 2, issue.project_id, "Project is incorrect"
-      assert_equal 4, issue.assigned_to_id, "Assigned to is incorrect"
+      assert_equal 2, issue.assigned_to_id, "Assigned to is incorrect"
       assert_equal 1, issue.status_id, "Status is incorrect"
       assert_equal '2009-12-01', issue.start_date.to_s, "Start date is incorrect"
       assert_equal '2009-12-31', issue.due_date.to_s, "Due date is incorrect"
diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb
index 468a3f44f..577bd789a 100644
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -790,6 +790,40 @@ class IssueTest < ActiveSupport::TestCase
     assert_nil issue.custom_field_value(cf2)
   end
 
+  def test_safe_attributes_should_ignore_unassignable_assignee
+    issue = Issue.new(:project_id => 1, :tracker_id => 1, :author_id => 3,
+                      :status_id => 1, :priority => IssuePriority.all.first,
+                      :subject => 'test_create')
+    assert issue.valid?
+
+    # locked user, not allowed
+    issue.safe_attributes=({'assigned_to_id' => '5'})
+    assert_nil issue.assigned_to_id
+    # no member
+    issue.safe_attributes=({'assigned_to_id' => '1'})
+    assert_nil issue.assigned_to_id
+    # user 2 is ok
+    issue.safe_attributes=({'assigned_to_id' => '2'})
+    assert_equal 2, issue.assigned_to_id
+    assert issue.save
+
+    issue.reload
+    assert_equal 2, issue.assigned_to_id
+    issue.safe_attributes=({'assigned_to_id' => '5'})
+    assert_equal 2, issue.assigned_to_id
+    issue.safe_attributes=({'assigned_to_id' => '1'})
+    assert_equal 2, issue.assigned_to_id
+    # user 3 is also ok
+    issue.safe_attributes=({'assigned_to_id' => '3'})
+    assert_equal 3, issue.assigned_to_id
+    assert issue.save
+
+    # removal of assignee
+    issue.safe_attributes=({'assigned_to_id' => ''})
+    assert_nil issue.assigned_to_id
+    assert issue.save
+  end
+
   def test_editable_custom_field_values_should_return_non_readonly_custom_values
     cf1 = IssueCustomField.create!(:name => 'Writable field', :field_format => 'string',
                                    :is_for_all => true, :tracker_ids => [1, 2])
-- 
2.39.5