authorJean-Philippe Lang <jp_lang@yahoo.fr>2008-05-14 18:01:13 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2008-05-14 18:01:13 +0000
commit7ee38a95a0052ddc544137f32fcf9114e5ffabb9 (patch)
tree363d189e6aca2fd389c8f58ff58ed96e35fdcd6a
parent06e44b8e643797c8d5a11478ef6605f49c7220e0 (diff)
downloadredmine-7ee38a95a0052ddc544137f32fcf9114e5ffabb9.tar.gz
redmine-7ee38a95a0052ddc544137f32fcf9114e5ffabb9.zip
Fixed: Calendar and Gantt show private subprojects even if current user is not a member of them (#1217).
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1431 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/models/project.rb7
-rw-r--r--test/fixtures/issues.yml18
-rw-r--r--test/functional/projects_controller_test.rb25
3 files changed, 44 insertions, 6 deletions
diff --git a/app/models/project.rb b/app/models/project.rb
index 964469649..8c32c8562 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -73,9 +73,9 @@ class Project < ActiveRecord::Base
def issues_with_subprojects(include_subprojects=false)
conditions = nil
- if include_subprojects && !active_children.empty?
- ids = [id] + active_children.collect {|c| c.id}
- conditions = ["#{Project.table_name}.id IN (#{ids.join(',')})"]
+ if include_subprojects
+ ids = [id] + child_ids
+ conditions = ["#{Project.table_name}.id IN (#{ids.join(',')}) AND #{Project.visible_by}"]
end
conditions ||= ["#{Project.table_name}.id = ?", id]
# Quick and dirty fix for Rails 2 compatibility
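Review bot: Replacing `active_children` with `child_ids` means archived children are now excluded only if `Project.visible_by` adds the active-status restriction in every branch; the admin branch visible in the next hunk does, but the other branches are not shown and should be confirmed. The id list is also still interpolated into the SQL string, and a bind parameter would keep the fragment safe if `ids` ever stops being database-sourced integers: `conditions = ["#{Project.table_name}.id IN (?) AND #{Project.visible_by}", ids]`. The body of `issues_with_subprojects` continues past this hunk.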
@@ -93,6 +93,7 @@ class Project < ActiveRecord::Base
end
def self.visible_by(user=nil)
+ user ||= User.current
if user && user.admin?
return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"
elsif user && user.memberships.any?
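Review bot: With `user ||= User.current`, a caller that passes `nil` to mean the anonymous user now silently gets the current user's visibility, and the access filter in `issues_with_subprojects` depends on that global being set correctly for each request. The contract deserves a comment above the method, e.g. `# user defaults to User.current; returns a trusted SQL fragment that callers interpolate`. The rest of `visible_by` lies outside the hunk, so whether the branch reached when `User.current` is nil restricts the result to public projects should be checked there.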
diff --git a/test/fixtures/issues.yml b/test/fixtures/issues.yml
index 4f42d93c4..48195a7b7 100644
--- a/test/fixtures/issues.yml
+++ b/test/fixtures/issues.yml
@@ -71,4 +71,20 @@ issues_005:
assigned_to_id:
author_id: 2
status_id: 1
-
+issues_006:
+ created_on: <%= 1.minute.ago.to_date.to_s(:db) %>
+ project_id: 5
+ updated_on: <%= 1.minute.ago.to_date.to_s(:db) %>
+ priority_id: 4
+ subject: Issue of a private subproject
+ id: 6
+ fixed_version_id:
+ category_id:
+ description: This is an issue of a private subproject of cookbook
+ tracker_id: 1
+ assigned_to_id:
+ author_id: 2
+ status_id: 1
+ start_date: <%= Date.today.to_s(:db) %>
+ due_date: <%= 1.days.from_now.to_date.to_s(:db) %>
+ \ No newline at end of file
diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb
index 5af7b5572..bebe96f29 100644
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@@ -29,6 +29,7 @@ class ProjectsControllerTest < Test::Unit::TestCase
@controller = ProjectsController.new
@request = ActionController::TestRequest.new
@response = ActionController::TestResponse.new
+ @request.session[:user_id] = nil
end
def test_index
@@ -237,11 +238,21 @@ class ProjectsControllerTest < Test::Unit::TestCase
assert_not_nil assigns(:calendar)
end
- def test_calendar_with_subprojects
+ def test_calendar_with_subprojects_should_not_show_private_subprojects
get :calendar, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
assert_response :success
assert_template 'calendar'
assert_not_nil assigns(:calendar)
+ assert_no_tag :tag => 'a', :content => /#6/
+ end
+
+ def test_calendar_with_subprojects_should_show_private_subprojects
+ @request.session[:user_id] = 2
+ get :calendar, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
+ assert_response :success
+ assert_template 'calendar'
+ assert_not_nil assigns(:calendar)
+ assert_tag :tag => 'a', :content => /#6/
end
def test_gantt
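Review bot: The negative tests cover only the anonymous session (`user_id` is reset to nil in setup), while the bug in the commit title concerns a logged-in user who is not a member of the private subproject; neither the calendar tests here nor the gantt tests in the following hunk exercise that case. Add a variant that sets `@request.session[:user_id]` to a fixture user without a membership in project 5 and asserts `assert_no_tag :tag => 'a', :content => /#6/`. The positive test names would read better with the condition stated, e.g. `..._should_show_private_subprojects_to_members`. `/#6/` also matches `#60` or `#16`, so the positive assertion could pass on a different issue link; `/#6\b/` is tighter.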
@@ -251,13 +262,23 @@ class ProjectsControllerTest < Test::Unit::TestCase
assert_not_nil assigns(:events)
end
- def test_gantt_with_subprojects
+ def test_gantt_with_subprojects_should_not_show_private_subprojects
get :gantt, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
assert_response :success
assert_template 'gantt.rhtml'
assert_not_nil assigns(:events)
+ assert_no_tag :tag => 'a', :content => /#6/
end
+ def test_gantt_with_subprojects_should_show_private_subprojects
+ @request.session[:user_id] = 2
+ get :gantt, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
+ assert_response :success
+ assert_template 'gantt.rhtml'
+ assert_not_nil assigns(:events)
+ assert_tag :tag => 'a', :content => /#6/
+ end
+
def test_gantt_export_to_pdf
get :gantt, :id => 1, :format => 'pdf'
assert_response :success