diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-01-14 09:50:28 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-01-14 09:50:28 +0000 |
| commit | 7b32a0371d55250fcd936c5c72de2e893fb8d1c6 (patch) | |
| tree | 7d11c7a773098aee822db8f4cb0692db902e1f6d | |
| parent | 45879a41b25ac3516e8079c38ab745098017369d (diff) | |
| download | redmine-7b32a0371d55250fcd936c5c72de2e893fb8d1c6.tar.gz redmine-7b32a0371d55250fcd936c5c72de2e893fb8d1c6.zip | |
Let user always see his private notes (#17632).
git-svn-id: http://svn.redmine.org/redmine/trunk@16181 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/models/issue.rb | 12 | ||||
| -rw-r--r-- | app/models/journal.rb | 3 | ||||
| -rw-r--r-- | test/functional/issues_controller_test.rb | 14 |
3 files changed, 22 insertions, 7 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb index a64d72e4c..b61c244ed 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -32,11 +32,6 @@ class Issue < ActiveRecord::Base belongs_to :category, :class_name => 'IssueCategory' has_many :journals, :as => :journalized, :dependent => :destroy, :inverse_of => :journalized - has_many :visible_journals, - lambda {where(["(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(User.current, :view_private_notes)}))", false])}, - :class_name => 'Journal', - :as => :journalized - has_many :time_entries, :dependent => :destroy has_and_belongs_to_many :changesets, lambda {order("#{Changeset.table_name}.committed_on ASC, #{Changeset.table_name}.id ASC")} @@ -822,7 +817,12 @@ class Issue < ActiveRecord::Base reorder(:created_on, :id).to_a result.each_with_index {|j,i| j.indice = i+1} - result.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, project) + + unless user.allowed_to?(:view_private_notes, project) + result.select! do |journal| + !journal.private_notes? || journal.user == user + end + end Journal.preload_journals_details_custom_fields(result) result.select! {|journal| journal.notes? || journal.visible_details.any?} result diff --git a/app/models/journal.rb b/app/models/journal.rb index 3c15d978d..447cbe4b5 100644 --- a/app/models/journal.rb +++ b/app/models/journal.rb @@ -47,9 +47,10 @@ class Journal < ActiveRecord::Base scope :visible, lambda {|*args| user = args.shift || User.current + private_notes_condition = Project.allowed_to_condition(user, :view_private_notes, *args) joins(:issue => :project). where(Issue.visible_condition(user, *args)). - where("(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(user, :view_private_notes, *args)}))", false) + where("(#{Journal.table_name}.private_notes = ? OR #{Journal.table_name}.user_id = ? OR (#{private_notes_condition}))", false, user.id) } safe_attributes 'notes', diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb index f51a890d0..e01b69f47 100644 --- a/test/functional/issues_controller_test.rb +++ b/test/functional/issues_controller_test.rb @@ -1605,6 +1605,20 @@ class IssuesControllerTest < Redmine::ControllerTest assert_select "#change-#{journal.id}", 0 end + def test_show_should_display_private_notes_created_by_current_user + User.find(3).roles_for_project(Project.find(1)).each do |role| + role.remove_permission! :view_private_notes + end + visible = Journal.create!(:journalized => Issue.find(2), :notes => 'Private notes', :private_notes => true, :user_id => 3) + not_visible = Journal.create!(:journalized => Issue.find(2), :notes => 'Private notes', :private_notes => true, :user_id => 1) + @request.session[:user_id] = 3 + + get :show, :id => 2 + assert_response :success + assert_select "#change-#{visible.id}", 1 + assert_select "#change-#{not_visible.id}", 0 + end + def test_show_atom get :show, :id => 2, :format => 'atom' assert_response :success |