From bffee57744190c039125743342851955a9a0459f Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Sat, 25 Jul 2015 08:54:25 +0000 Subject: [PATCH] Merged r14450 (#20206). git-svn-id: http://svn.redmine.org/redmine/branches/3.1-stable@14453 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/models/project.rb | 6 +++++- test/unit/issue_test.rb | 9 +++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/app/models/project.rb b/app/models/project.rb index 7c4ac3516..4a54b2210 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -188,7 +188,11 @@ class Project < ActiveRecord::Base unless options[:member] role = user.builtin_role if role.allowed_to?(permission) - statement_by_role[role] = "#{Project.table_name}.is_public = #{connection.quoted_true}" + s = "#{Project.table_name}.is_public = #{connection.quoted_true}" + if user.id + s = "(#{s} AND #{Project.table_name}.id NOT IN (SELECT project_id FROM #{Member.table_name} WHERE user_id = #{user.id}))" + end + statement_by_role[role] = s end end user.projects_by_role.each do |role, projects| diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb index bf4d49492..9a8afd66d 100644 --- a/test/unit/issue_test.rb +++ b/test/unit/issue_test.rb @@ -310,6 +310,15 @@ class IssueTest < ActiveSupport::TestCase assert_visibility_match user, issues end + def test_visible_scope_for_member_without_view_issues_permission_and_non_member_role_having_the_permission + Role.non_member.add_permission!(:view_issues) + Role.find(1).remove_permission!(:view_issues) + user = User.find(2) + + assert_equal 0, Issue.where(:project_id => 1).visible(user).count + assert_equal false, Issue.where(:project_id => 1).first.visible?(user) + end + def test_visible_scope_for_member_with_groups_should_return_assigned_issues user = User.find(8) assert user.groups.any? -- 2.39.5