From d2f64ee9288a3be2ec29e42aaf796559d3dd6b4b Mon Sep 17 00:00:00 2001
From: Marius Balteanu
Date: Tue, 1 Feb 2022 20:11:56 +0000
Subject: [PATCH] Fix autocomplete for users fails with 403 error when there are multiple objects from different projects (#36446).
Patch by Dmitry Makurin.
git-svn-id: http://svn.redmine.org/redmine/trunk@21394 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/watchers_controller.rb | 8 +++--
 app/views/watchers/_new.html.erb | 2 +-
 test/functional/watchers_controller_test.rb | 35 +++++++++++++++++++++
 3 files changed, 42 insertions(+), 3 deletions(-)
diff --git a/app/controllers/watchers_controller.rb b/app/controllers/watchers_controller.rb
index 97afffe01..9170acb34 100644
--- a/app/controllers/watchers_controller.rb
+++ b/app/controllers/watchers_controller.rb
@@ -134,8 +134,12 @@ class WatchersController < ApplicationController
 def users_for_new_watcher
 scope = nil
- if params[:q].blank? && @project.present?
- scope = @project.principals.assignable_watchers
+ if params[:q].blank?
+ if @project.present?
+ scope = @project.principals.assignable_watchers
+ elsif @projects.present? && @projects.size > 1
+ scope = Principal.joins(:members).where(:members => { :project_id => @projects }).assignable_watchers.distinct
+ end
 else
 scope = Principal.assignable_watchers.limit(100)
 end
diff --git a/app/views/watchers/_new.html.erb b/app/views/watchers/_new.html.erb
index bc08a3322..dfff5516c 100644
--- a/app/views/watchers/_new.html.erb
+++ b/app/views/watchers/_new.html.erb
@@ -31,7 +31,7 @@ title =
 :controller => 'watchers',
 :action => 'autocomplete_for_user',
 :object_type => (watchables.present? ? watchables.first.class.name.underscore : nil),
- :object_id => (watchables.present? && watchables.size == 1 ? watchables.first.id : nil),
+ :object_id => (watchables.present? ? watchables.map(&:id) : nil),
 :project_id => @project
 )
 )}'
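Review bot: `scope` can now stay `nil` in `users_for_new_watcher` when `params[:q]` is blank and neither inner branch matches (no `@project`, and `@projects` empty or holding a single entry); before this change that case fell through to the `else` and received the limited global list. The method continues past the end of the hunk, so if the following lines call anything on `scope` the request will raise instead of returning a list; a fallback after the conditional such as `scope ||= Principal.assignable_watchers.limit(100)` keeps the old behaviour, or `scope ||= Principal.none` if an empty list is preferred. Separately, the new `elsif` branch returns the union of members of every project in `@projects`, so it depends on the filter that populates `@projects` (not visible here) having checked the current user's access to each one. A comment on that branch would make the dependency explicit, e.g. `# @projects is expected to contain only projects the current user is authorized for`.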
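Review bot: `watchables.map(&:id)` puts every selected id into the autocomplete URL as repeated `object_id[]` parameters, so a large bulk selection yields a GET query string that grows with the selection and may exceed proxy or server length limits. The ids also become a client-editable list, so the controller has to re-check visibility for each element rather than trust the set the page was rendered with; that code is outside this hunk. The enclosing call starts before the hunk, and I would add an ERB comment above it such as `<%# object_id carries all selected ids; autocomplete_for_user must authorize each one %>`.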
diff --git a/test/functional/watchers_controller_test.rb b/test/functional/watchers_controller_test.rb
index 5e399b729..ad5a64e89 100644
--- a/test/functional/watchers_controller_test.rb
+++ b/test/functional/watchers_controller_test.rb
@@ -191,6 +191,20 @@ class WatchersControllerTest < Redmine::ControllerTest
 assert_match /ajax-modal/, response.body
 end
+ def test_new_with_multiple_objects_from_different_projects
+ @request.session[:user_id] = 2
+ get :new, :params => {
+ :object_id => [7, 9],
+ :object_type => 'issue'
+ }, :xhr => true
+ assert_response :success
+
+ assert_match(
+ %r{/watchers/autocomplete_for_user\?object_id%5B%5D=7&object_id%5B%5D=9&object_type=issue},
+ response.body
+ )
+ end
+
 def test_create_as_html
 @request.session[:user_id] = 2
 assert_difference('Watcher.count') do
@@ -426,6 +440,27 @@ class WatchersControllerTest < Redmine::ControllerTest
 assert response.body.blank?
 end
+ def test_autocomplete_with_multiple_objects_from_different_projects
+ @request.session[:user_id] = 2
+
+ # 7 => eCookbook
+ # 9 => Private child of eCookbook
+ get :autocomplete_for_user, :params => {
+ :object_id => [7, 9],
+ :object_type => 'issue'
+ }, :xhr => true
+
+ assert_response :success
+
+ # All users from two projects eCookbook (7) and Private child of eCookbook (9)
+ assert_select 'input', :count => 5
+ assert_select 'input[name=?][value="1"]', 'watcher[user_ids][]'
+ assert_select 'input[name=?][value="2"]', 'watcher[user_ids][]'
+ assert_select 'input[name=?][value="3"]', 'watcher[user_ids][]'
+ assert_select 'input[name=?][value="8"]', 'watcher[user_ids][]'
+ assert_select 'input[name=?][value="10"]', 'watcher[user_ids][]'
+ end
+
 def test_append
 @request.session[:user_id] = 2
 assert_no_difference 'Watcher.count' do
--
2.39.5
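Review bot: `test_autocomplete_with_multiple_objects_from_different_projects` only covers the permitted path: the session user is 2 and the expected inputs include members of the project the comment calls "Private child of eCookbook". There is no companion case for a session user who cannot access one of the two issues, so a regression that exposes that project's member list through `object_id[]` would go unnoticed. I would add a test that repeats this request as such a user and asserts both the response status and that none of the private project's member ids appear in the `watcher[user_ids][]` inputs; the correct status depends on the controller filter, which is not part of this diff. The same gap applies to `test_new_with_multiple_objects_from_different_projects` in the previous hunk.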