authorJean-Baptiste Barth <jeanbaptiste.barth@gmail.com>2010-10-06 05:08:31 +0000
committerJean-Baptiste Barth <jeanbaptiste.barth@gmail.com>2010-10-06 05:08:31 +0000
commite59c927ee52d3f40a467e7ca6db7f7fcc2db425f (patch)
tree1e1daee8cd499d4fe33c4239da3b1664cceb0225
parente13790c62c800a5b6d9528b5e2db2aad2c5e3710 (diff)
downloadredmine-e59c927ee52d3f40a467e7ca6db7f7fcc2db425f.tar.gz
redmine-e59c927ee52d3f40a467e7ca6db7f7fcc2db425f.zip
Fixed: User#allowed_to? returning true in any case if array of projects had only one item (#5332)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4233 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/models/user.rb6
-rw-r--r--test/unit/user_test.rb4
2 files changed, 8 insertions, 2 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 4b65b3d11..45ab4b4c2 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -368,8 +368,10 @@ class User < Principal
elsif project && project.is_a?(Array)
# Authorize if user is authorized on every element of the array
- project.inject do |memo,p|
- memo && allowed_to?(action,p,options)
+ project.map do |p|
+ allowed_to?(action,p,options)
+ end.inject do |memo,p|
+ memo && p
end
elsif options[:global]
# Admin users are always authorized
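Review bot: The array branch denies an empty project list only implicitly: `[].map { … }.inject { … }` evaluates to `nil`, so the fail-closed result of `allowed_to?(action, [])` would flip to `true` if someone later simplifies this to a bare `all?`. Since this is an authorization check, make the empty case explicit and let the rest short-circuit, e.g. `!project.empty? && project.all? { |p| allowed_to?(action, p, options) }`, with a comment such as `# an empty array authorizes nothing`. That form also stops at the first denied project and returns a strict boolean rather than the last element's value; callers appear to rely only on truthiness, but that should be confirmed. The method begins and ends outside this hunk.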
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index b451c1e6b..3f824f9fe 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -408,6 +408,10 @@ class UserTest < ActiveSupport::TestCase
assert @jsmith.allowed_to?(:edit_issues, @jsmith.projects) #Manager or Developer everywhere
assert ! @jsmith.allowed_to?(:delete_issue_watchers, @jsmith.projects) #Dev cannot delete_issue_watchers
end
+
+ should "behave correctly with arrays of 1 project" do
+ assert ! User.anonymous.allowed_to?(:delete_issues, [Project.first])
+ end
end
context "with options[:global]" do
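Review bot: The new test pins only the denial for a one-element array, and it depends on `Project.first` being a project where the anonymous user lacks `:delete_issues`, a fixture assumption that is not visible in this hunk. Add the positive counterpart so the branch cannot regress into always-false, e.g. `assert @jsmith.allowed_to?(:edit_issues, [@jsmith.projects.first])`. Also pin the empty list as denied with `assert ! @jsmith.allowed_to?(:edit_issues, [])`, since that result currently follows only from `inject` returning `nil`. The enclosing context block opens outside the hunk.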