git-svn-id: http://svn.redmine.org/redmine/trunk@16181 e93f8b46-1217-0410-a6f0-8f06a7374b81

преди 7 години · 7b32a0371d
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -32,11 +32,6 @@ class Issue < ActiveRecord::Base
  belongs_to :category, :class_name => 'IssueCategory'

  has_many :journals, :as => :journalized, :dependent => :destroy, :inverse_of => :journalized
  has_many :visible_journals,
    lambda {where(["(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(User.current, :view_private_notes)}))", false])},
    :class_name => 'Journal',
    :as => :journalized

  has_many :time_entries, :dependent => :destroy
  has_and_belongs_to_many :changesets, lambda {order("#{Changeset.table_name}.committed_on ASC, #{Changeset.table_name}.id ASC")}

@@ -822,7 +817,12 @@ class Issue < ActiveRecord::Base
      reorder(:created_on, :id).to_a

    result.each_with_index {|j,i| j.indice = i+1}
    result.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, project)

    unless user.allowed_to?(:view_private_notes, project)
      result.select! do |journal|
        !journal.private_notes? || journal.user == user
      end
    end
    Journal.preload_journals_details_custom_fields(result)
    result.select! {|journal| journal.notes? || journal.visible_details.any?}
    result
--- a/app/models/journal.rb
+++ b/app/models/journal.rb
@@ -47,9 +47,10 @@ class Journal < ActiveRecord::Base

  scope :visible, lambda {|*args|
    user = args.shift || User.current
    private_notes_condition = Project.allowed_to_condition(user, :view_private_notes, *args)
    joins(:issue => :project).
      where(Issue.visible_condition(user, *args)).
      where("(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(user, :view_private_notes, *args)}))", false)
      where("(#{Journal.table_name}.private_notes = ? OR #{Journal.table_name}.user_id = ? OR (#{private_notes_condition}))", false, user.id)
  }

  safe_attributes 'notes',
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -1605,6 +1605,20 @@ class IssuesControllerTest < Redmine::ControllerTest
    assert_select "#change-#{journal.id}", 0
  end

  def test_show_should_display_private_notes_created_by_current_user
    User.find(3).roles_for_project(Project.find(1)).each do |role|
      role.remove_permission! :view_private_notes
    end
    visible = Journal.create!(:journalized => Issue.find(2), :notes => 'Private notes', :private_notes => true, :user_id => 3)
    not_visible = Journal.create!(:journalized => Issue.find(2), :notes => 'Private notes', :private_notes => true, :user_id => 1)
    @request.session[:user_id] = 3

    get :show, :id => 2
    assert_response :success
    assert_select "#change-#{visible.id}", 1
    assert_select "#change-#{not_visible.id}", 0
  end

  def test_show_atom
    get :show, :id => 2, :format => 'atom'
    assert_response :success