git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@10433 e93f8b46-1217-0410-a6f0-8f06a7374b81

11 years ago · 59d8ae61ef
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -88,11 +88,19 @@ class Issue < ActiveRecord::Base
      when 'all'
        nil
      when 'default'
        user_ids = [user.id] + user.groups.map(&:id)
        "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
        if user.logged?
          user_ids = [user.id] + user.groups.map(&:id)
          "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
        else
          "(#{table_name}.is_private = #{connection.quoted_false})"
        end
      when 'own'
        user_ids = [user.id] + user.groups.map(&:id)
        "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
        if user.logged?
          user_ids = [user.id] + user.groups.map(&:id)
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
        else
          '1=0'
        end
      else
        '1=0'
      end
@@ -106,9 +114,9 @@ class Issue < ActiveRecord::Base
      when 'all'
        true
      when 'default'
        !self.is_private? || self.author == user || user.is_or_belongs_to?(assigned_to)
        !self.is_private? || (user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to)))
      when 'own'
        self.author == user || user.is_or_belongs_to?(assigned_to)
        user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to))
      else
        false
      end
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -25,7 +25,7 @@ class IssueTest < ActiveSupport::TestCase
           :versions,
           :issue_statuses, :issue_categories, :issue_relations, :workflows,
           :enumerations,
           :issues,
           :issues, :journals, :journal_details,
           :custom_fields, :custom_fields_projects, :custom_fields_trackers, :custom_values,
           :time_entries

@@ -105,18 +105,6 @@ class IssueTest < ActiveSupport::TestCase
    assert_visibility_match User.anonymous, issues
  end

  def test_visible_scope_for_anonymous_with_own_issues_visibility
    Role.anonymous.update_attribute :issues_visibility, 'own'
    Issue.create!(:project_id => 1, :tracker_id => 1,
                  :author_id => User.anonymous.id,
                  :subject => 'Issue by anonymous')

    issues = Issue.visible(User.anonymous).all
    assert issues.any?
    assert_nil issues.detect {|issue| issue.author != User.anonymous}
    assert_visibility_match User.anonymous, issues
  end

  def test_visible_scope_for_anonymous_without_view_issues_permissions
    # Anonymous user should not see issues without permission
    Role.anonymous.remove_permission!(:view_issues)
@@ -125,6 +113,20 @@ class IssueTest < ActiveSupport::TestCase
    assert_visibility_match User.anonymous, issues
  end

  def test_anonymous_should_not_see_private_issues_with_issues_visibility_set_to_default
    assert Role.anonymous.update_attribute(:issues_visibility, 'default')
    issue = Issue.generate_for_project!(Project.find(1), :author => User.anonymous, :assigned_to => User.anonymous, :is_private => true)
    assert_nil Issue.where(:id => issue.id).visible(User.anonymous).first
    assert !issue.visible?(User.anonymous)
  end

  def test_anonymous_should_not_see_private_issues_with_issues_visibility_set_to_own
    assert Role.anonymous.update_attribute(:issues_visibility, 'own')
    issue = Issue.generate_for_project!(Project.find(1), :author => User.anonymous, :assigned_to => User.anonymous, :is_private => true)
    assert_nil Issue.where(:id => issue.id).visible(User.anonymous).first
    assert !issue.visible?(User.anonymous)
  end

  def test_visible_scope_for_non_member
    user = User.find(9)
    assert user.projects.empty?