diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2011-11-11 12:22:47 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2011-11-11 12:22:47 +0000 |
| commit | 857cf5db38c23fd13f3834f773cc18c950c46d63 (patch) | |
| tree | a061bbc7f363e9292355da3e56917cadfa2fb9c3 | |
| parent | a920184c8303b6baebebf07f5b245e3da2ad5dcd (diff) | |
| download | redmine-857cf5db38c23fd13f3834f773cc18c950c46d63.tar.gz redmine-857cf5db38c23fd13f3834f773cc18c950c46d63.zip | |
Fixed: User with groups may not see issues assigned to him or to its groups (#9478).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7771 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/models/issue.rb | 4 | ||||
| -rw-r--r-- | test/unit/issue_test.rb | 23 |
2 files changed, 25 insertions, 2 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb index 50b0dcecd..735a50ee9 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -95,10 +95,10 @@ class Issue < ActiveRecord::Base nil when 'default' user_ids = [user.id] + user.groups.map(&:id) - "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids}))" + "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" when 'own' user_ids = [user.id] + user.groups.map(&:id) - "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids}))" + "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" else '1=0' end diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb index 6b7702d93..c769c0c31 100644 --- a/test/unit/issue_test.rb +++ b/test/unit/issue_test.rb @@ -160,6 +160,29 @@ class IssueTest < ActiveSupport::TestCase assert_visibility_match user, issues end + def test_visible_scope_for_member_with_groups_should_return_assigned_issues + user = User.find(8) + assert user.groups.any? + Member.create!(:principal => user.groups.first, :project_id => 1, :role_ids => [2]) + Role.non_member.remove_permission!(:view_issues) + + issue = Issue.create(:project_id => 1, :tracker_id => 1, :author_id => 3, + :status_id => 1, :priority => IssuePriority.all.first, + :subject => 'Assignment test', + :assigned_to => user.groups.first, + :is_private => true) + + Role.find(2).update_attribute :issues_visibility, 'default' + issues = Issue.visible(User.find(8)).all + assert issues.any? + assert issues.include?(issue) + + Role.find(2).update_attribute :issues_visibility, 'own' + issues = Issue.visible(User.find(8)).all + assert issues.any? + assert issues.include?(issue) + end + def test_visible_scope_for_admin user = User.find(1) user.members.each(&:destroy) |