Patch by Felix Schäfer. git-svn-id: https://svn.redmine.org/redmine/trunk@22116 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/5.1.0
@@ -2025,8 +2025,8 @@ class Issue < ActiveRecord::Base | |||
end | |||
def add_auto_watcher | |||
if author && | |||
author.allowed_to?(:add_issue_watchers, project) && | |||
if author&.active? && | |||
author&.allowed_to?(:add_issue_watchers, project) && | |||
author.pref.auto_watch_on?('issue_created') && | |||
self.watcher_user_ids.exclude?(author.id) | |||
self.set_watcher(author, true) |
@@ -336,8 +336,8 @@ class Journal < ActiveRecord::Base | |||
end | |||
def add_watcher | |||
if user && | |||
user.allowed_to?(:add_issue_watchers, project) && | |||
if user&.active? && | |||
user&.allowed_to?(:add_issue_watchers, project) && | |||
user.pref.auto_watch_on?('issue_contributed_to') && | |||
!Watcher.any_watched?(Array.wrap(journalized), user) | |||
journalized.set_watcher(user, true) |
@@ -3479,6 +3479,21 @@ class IssueTest < ActiveSupport::TestCase | |||
end | |||
end | |||
def test_create_should_not_add_anonymous_as_watcher | |||
Role.anonymous.add_permission!(:add_issue_watchers) | |||
user = User.anonymous | |||
assert user.pref.auto_watch_on?('issue_contributed_to') | |||
journal = Journal.new(:journalized => Issue.first, :notes => 'notes', :user => user) | |||
assert_no_difference 'Watcher.count' do | |||
assert journal.save | |||
assert journal.valid? | |||
assert journal.journalized.valid? | |||
end | |||
end | |||
def test_like_should_escape_query | |||
issue = Issue.generate!(:subject => "asdf") | |||
r = Issue.like('as_f') |
@@ -142,6 +142,21 @@ class JournalTest < ActiveSupport::TestCase | |||
end | |||
end | |||
def test_create_should_not_add_anonymous_as_watcher | |||
Role.anonymous.add_permission!(:add_issue_watchers) | |||
user = User.anonymous | |||
assert user.pref.auto_watch_on?('issue_contributed_to') | |||
journal = Journal.new(:journalized => Issue.first, :notes => 'notes', :user => user) | |||
assert_no_difference 'Watcher.count' do | |||
assert journal.save | |||
assert journal.valid? | |||
assert journal.journalized.valid? | |||
end | |||
end | |||
def test_visible_scope_for_anonymous | |||
# Anonymous user should see issues of public projects only | |||
journals = Journal.visible(User.anonymous).to_a |