summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGo MAEDA <maeda@farend.jp>2023-02-26 07:48:19 +0000
committerGo MAEDA <maeda@farend.jp>2023-02-26 07:48:19 +0000
commit41b4bc54a5e000830da5eedc6a495b9a6b2b6a1f (patch)
tree7bc18a9936d5e7b7a764bd6a8ef958ee06283247
parent9a625f261039e523b8aab77ad2017d96abd4e08c (diff)
downloadredmine-41b4bc54a5e000830da5eedc6a495b9a6b2b6a1f.tar.gz
redmine-41b4bc54a5e000830da5eedc6a495b9a6b2b6a1f.zip
Disable auto watch for the anonymous user (#38238).
Patch by Felix Schäfer. git-svn-id: https://svn.redmine.org/redmine/trunk@22116 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/models/issue.rb4
-rw-r--r--app/models/journal.rb4
-rw-r--r--test/unit/issue_test.rb15
-rw-r--r--test/unit/journal_test.rb15
4 files changed, 34 insertions, 4 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 4edf4fa1b..88c808321 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -2025,8 +2025,8 @@ class Issue < ActiveRecord::Base
end
def add_auto_watcher
- if author &&
- author.allowed_to?(:add_issue_watchers, project) &&
+ if author&.active? &&
+ author&.allowed_to?(:add_issue_watchers, project) &&
author.pref.auto_watch_on?('issue_created') &&
self.watcher_user_ids.exclude?(author.id)
self.set_watcher(author, true)
diff --git a/app/models/journal.rb b/app/models/journal.rb
index 24c02dfbd..4b4139a14 100644
--- a/app/models/journal.rb
+++ b/app/models/journal.rb
@@ -336,8 +336,8 @@ class Journal < ActiveRecord::Base
end
def add_watcher
- if user &&
- user.allowed_to?(:add_issue_watchers, project) &&
+ if user&.active? &&
+ user&.allowed_to?(:add_issue_watchers, project) &&
user.pref.auto_watch_on?('issue_contributed_to') &&
!Watcher.any_watched?(Array.wrap(journalized), user)
journalized.set_watcher(user, true)
diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb
index 5795d2bb1..08bc50df8 100644
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -3479,6 +3479,21 @@ class IssueTest < ActiveSupport::TestCase
end
end
+ def test_create_should_not_add_anonymous_as_watcher
+ Role.anonymous.add_permission!(:add_issue_watchers)
+
+ user = User.anonymous
+ assert user.pref.auto_watch_on?('issue_contributed_to')
+
+ journal = Journal.new(:journalized => Issue.first, :notes => 'notes', :user => user)
+
+ assert_no_difference 'Watcher.count' do
+ assert journal.save
+ assert journal.valid?
+ assert journal.journalized.valid?
+ end
+ end
+
def test_like_should_escape_query
issue = Issue.generate!(:subject => "asdf")
r = Issue.like('as_f')
diff --git a/test/unit/journal_test.rb b/test/unit/journal_test.rb
index 511b16415..373de93a2 100644
--- a/test/unit/journal_test.rb
+++ b/test/unit/journal_test.rb
@@ -142,6 +142,21 @@ class JournalTest < ActiveSupport::TestCase
end
end
+ def test_create_should_not_add_anonymous_as_watcher
+ Role.anonymous.add_permission!(:add_issue_watchers)
+
+ user = User.anonymous
+ assert user.pref.auto_watch_on?('issue_contributed_to')
+
+ journal = Journal.new(:journalized => Issue.first, :notes => 'notes', :user => user)
+
+ assert_no_difference 'Watcher.count' do
+ assert journal.save
+ assert journal.valid?
+ assert journal.journalized.valid?
+ end
+ end
+
def test_visible_scope_for_anonymous
# Anonymous user should see issues of public projects only
journals = Journal.visible(User.anonymous).to_a