diff options
author | Go MAEDA <maeda@farend.jp> | 2023-02-26 07:48:19 +0000 |
---|---|---|
committer | Go MAEDA <maeda@farend.jp> | 2023-02-26 07:48:19 +0000 |
commit | 41b4bc54a5e000830da5eedc6a495b9a6b2b6a1f (patch) | |
tree | 7bc18a9936d5e7b7a764bd6a8ef958ee06283247 | |
parent | 9a625f261039e523b8aab77ad2017d96abd4e08c (diff) | |
download | redmine-41b4bc54a5e000830da5eedc6a495b9a6b2b6a1f.tar.gz redmine-41b4bc54a5e000830da5eedc6a495b9a6b2b6a1f.zip |
Disable auto watch for the anonymous user (#38238).
Patch by Felix Schäfer.
git-svn-id: https://svn.redmine.org/redmine/trunk@22116 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/models/issue.rb | 4 | ||||
-rw-r--r-- | app/models/journal.rb | 4 | ||||
-rw-r--r-- | test/unit/issue_test.rb | 15 | ||||
-rw-r--r-- | test/unit/journal_test.rb | 15 |
4 files changed, 34 insertions, 4 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb index 4edf4fa1b..88c808321 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -2025,8 +2025,8 @@ class Issue < ActiveRecord::Base end def add_auto_watcher - if author && - author.allowed_to?(:add_issue_watchers, project) && + if author&.active? && + author&.allowed_to?(:add_issue_watchers, project) && author.pref.auto_watch_on?('issue_created') && self.watcher_user_ids.exclude?(author.id) self.set_watcher(author, true) diff --git a/app/models/journal.rb b/app/models/journal.rb index 24c02dfbd..4b4139a14 100644 --- a/app/models/journal.rb +++ b/app/models/journal.rb @@ -336,8 +336,8 @@ class Journal < ActiveRecord::Base end def add_watcher - if user && - user.allowed_to?(:add_issue_watchers, project) && + if user&.active? && + user&.allowed_to?(:add_issue_watchers, project) && user.pref.auto_watch_on?('issue_contributed_to') && !Watcher.any_watched?(Array.wrap(journalized), user) journalized.set_watcher(user, true) diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb index 5795d2bb1..08bc50df8 100644 --- a/test/unit/issue_test.rb +++ b/test/unit/issue_test.rb @@ -3479,6 +3479,21 @@ class IssueTest < ActiveSupport::TestCase end end + def test_create_should_not_add_anonymous_as_watcher + Role.anonymous.add_permission!(:add_issue_watchers) + + user = User.anonymous + assert user.pref.auto_watch_on?('issue_contributed_to') + + journal = Journal.new(:journalized => Issue.first, :notes => 'notes', :user => user) + + assert_no_difference 'Watcher.count' do + assert journal.save + assert journal.valid? + assert journal.journalized.valid? + end + end + def test_like_should_escape_query issue = Issue.generate!(:subject => "asdf") r = Issue.like('as_f') diff --git a/test/unit/journal_test.rb b/test/unit/journal_test.rb index 511b16415..373de93a2 100644 --- a/test/unit/journal_test.rb +++ b/test/unit/journal_test.rb @@ -142,6 +142,21 @@ class JournalTest < ActiveSupport::TestCase end end + def test_create_should_not_add_anonymous_as_watcher + Role.anonymous.add_permission!(:add_issue_watchers) + + user = User.anonymous + assert user.pref.auto_watch_on?('issue_contributed_to') + + journal = Journal.new(:journalized => Issue.first, :notes => 'notes', :user => user) + + assert_no_difference 'Watcher.count' do + assert journal.save + assert journal.valid? + assert journal.journalized.valid? + end + end + def test_visible_scope_for_anonymous # Anonymous user should see issues of public projects only journals = Journal.visible(User.anonymous).to_a |