From bd6a07cd1414cf3a253fe0bd2837d35bc6f3e86f Mon Sep 17 00:00:00 2001
From: Marius Balteanu <marius.balteanu@zitec.com>
Date: Sat, 11 May 2024 08:53:42 +0000
Subject: [PATCH] Adds test to check @view_issue_watchers@ permission when
 filter "Watched by" (#40412).

git-svn-id: https://svn.redmine.org/redmine/trunk@22820 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 test/unit/query_test.rb | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/test/unit/query_test.rb b/test/unit/query_test.rb
index 2aa10c5e9..efc59d690 100644
--- a/test/unit/query_test.rb
+++ b/test/unit/query_test.rb
@@ -1422,6 +1422,36 @@ class QueryTest < ActiveSupport::TestCase
     assert_equal [3, 7], result.sort_by(&:id).pluck(:id)
   end
 
+  def test_filter_watched_issues_by_group_should_include_only_projects_with_permission
+    user = User.find(2)
+    group = Group.find(10)
+
+    Issue.find(4).add_watcher(group)
+    Issue.find(2).add_watcher(group)
+
+    developer = Role.find(2)
+    developer.remove_permission! :view_issue_watchers
+
+    User.current = user
+
+    query =
+      IssueQuery.new(
+        :name => '_',
+        :filters => {
+          'watcher_id' => {
+            :operator => '=',
+            :values => [group.id]
+          }
+        }
+      )
+    result = find_issues_with_query(query)
+
+    assert_not_nil result
+
+    # "Developer" role doesn't have the view_issue_watchers permission of issue's #4 project (OnlineStore).
+    assert_equal [2], result.pluck(:id)
+  end
+
   def test_filter_unwatched_issues
     User.current = User.find(1)
     query =
-- 
2.39.5