From 857cf5db38c23fd13f3834f773cc18c950c46d63 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Fri, 11 Nov 2011 12:22:47 +0000
Subject: [PATCH] Fixed: User with groups may not see issues assigned to him or
 to its groups (#9478).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7771 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/issue.rb     |  4 ++--
 test/unit/issue_test.rb | 23 +++++++++++++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/app/models/issue.rb b/app/models/issue.rb
index 50b0dcecd..735a50ee9 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -95,10 +95,10 @@ class Issue < ActiveRecord::Base
         nil
       when 'default'
         user_ids = [user.id] + user.groups.map(&:id)
-        "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids}))"
+        "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
       when 'own'
         user_ids = [user.id] + user.groups.map(&:id)
-        "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids}))"
+        "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
       else
         '1=0'
       end
diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb
index 6b7702d93..c769c0c31 100644
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -160,6 +160,29 @@ class IssueTest < ActiveSupport::TestCase
     assert_visibility_match user, issues
   end
 
+  def test_visible_scope_for_member_with_groups_should_return_assigned_issues
+    user = User.find(8)
+    assert user.groups.any?
+    Member.create!(:principal => user.groups.first, :project_id => 1, :role_ids => [2])
+    Role.non_member.remove_permission!(:view_issues)
+    
+    issue = Issue.create(:project_id => 1, :tracker_id => 1, :author_id => 3,
+      :status_id => 1, :priority => IssuePriority.all.first,
+      :subject => 'Assignment test',
+      :assigned_to => user.groups.first,
+      :is_private => true)
+    
+    Role.find(2).update_attribute :issues_visibility, 'default'
+    issues = Issue.visible(User.find(8)).all
+    assert issues.any?
+    assert issues.include?(issue)
+    
+    Role.find(2).update_attribute :issues_visibility, 'own'
+    issues = Issue.visible(User.find(8)).all
+    assert issues.any?
+    assert issues.include?(issue)
+  end
+
   def test_visible_scope_for_admin
     user = User.find(1)
     user.members.each(&:destroy)
-- 
2.39.5