git-svn-id: http://svn.redmine.org/redmine/trunk@16181 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/3.4.0
@@ -32,11 +32,6 @@ class Issue < ActiveRecord::Base | |||
belongs_to :category, :class_name => 'IssueCategory' | |||
has_many :journals, :as => :journalized, :dependent => :destroy, :inverse_of => :journalized | |||
has_many :visible_journals, | |||
lambda {where(["(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(User.current, :view_private_notes)}))", false])}, | |||
:class_name => 'Journal', | |||
:as => :journalized | |||
has_many :time_entries, :dependent => :destroy | |||
has_and_belongs_to_many :changesets, lambda {order("#{Changeset.table_name}.committed_on ASC, #{Changeset.table_name}.id ASC")} | |||
@@ -822,7 +817,12 @@ class Issue < ActiveRecord::Base | |||
reorder(:created_on, :id).to_a | |||
result.each_with_index {|j,i| j.indice = i+1} | |||
result.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, project) | |||
unless user.allowed_to?(:view_private_notes, project) | |||
result.select! do |journal| | |||
!journal.private_notes? || journal.user == user | |||
end | |||
end | |||
Journal.preload_journals_details_custom_fields(result) | |||
result.select! {|journal| journal.notes? || journal.visible_details.any?} | |||
result |
@@ -47,9 +47,10 @@ class Journal < ActiveRecord::Base | |||
scope :visible, lambda {|*args| | |||
user = args.shift || User.current | |||
private_notes_condition = Project.allowed_to_condition(user, :view_private_notes, *args) | |||
joins(:issue => :project). | |||
where(Issue.visible_condition(user, *args)). | |||
where("(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(user, :view_private_notes, *args)}))", false) | |||
where("(#{Journal.table_name}.private_notes = ? OR #{Journal.table_name}.user_id = ? OR (#{private_notes_condition}))", false, user.id) | |||
} | |||
safe_attributes 'notes', |
@@ -1605,6 +1605,20 @@ class IssuesControllerTest < Redmine::ControllerTest | |||
assert_select "#change-#{journal.id}", 0 | |||
end | |||
def test_show_should_display_private_notes_created_by_current_user | |||
User.find(3).roles_for_project(Project.find(1)).each do |role| | |||
role.remove_permission! :view_private_notes | |||
end | |||
visible = Journal.create!(:journalized => Issue.find(2), :notes => 'Private notes', :private_notes => true, :user_id => 3) | |||
not_visible = Journal.create!(:journalized => Issue.find(2), :notes => 'Private notes', :private_notes => true, :user_id => 1) | |||
@request.session[:user_id] = 3 | |||
get :show, :id => 2 | |||
assert_response :success | |||
assert_select "#change-#{visible.id}", 1 | |||
assert_select "#change-#{not_visible.id}", 0 | |||
end | |||
def test_show_atom | |||
get :show, :id => 2, :format => 'atom' | |||
assert_response :success |