authorJean-Philippe Lang <jp_lang@yahoo.fr>2009-11-14 12:08:47 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2009-11-14 12:08:47 +0000
commitdfd02040521b84c64e9aa5d7b70ccfa427ffe841 (patch)
treea10651d01952dbcd83ede78d7a2d4f5a7a0028cd /test/unit/issue_test.rb
parent326ed79b432a3c0172cfbe0eaf801645e7b2e2c6 (diff)
Add view_issues permission (#3187).
A migration adds this permission to all existing roles to preserve current behaviour. This permission controls access to issues, roadmap and changelog. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3039 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test/unit/issue_test.rb')
-rw-r--r--test/unit/issue_test.rb43
1 files changed, 42 insertions, 1 deletions
diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb
index a8010cf48..84ccef601 100644
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -18,7 +18,7 @@
require File.dirname(__FILE__) + '/../test_helper'
class IssueTest < ActiveSupport::TestCase
- fixtures :projects, :users, :members, :member_roles,
+ fixtures :projects, :users, :members, :member_roles, :roles,
:trackers, :projects_trackers,
:versions,
:issue_statuses, :issue_categories, :issue_relations, :workflows,
@@ -64,6 +64,47 @@ class IssueTest < ActiveSupport::TestCase
assert_equal 'PostgreSQL', issue.custom_value_for(field).value
end
+ def test_visible_scope_for_anonymous
+ # Anonymous user should see issues of public projects only
+ issues = Issue.visible(User.anonymous).all
+ assert issues.any?
+ assert_nil issues.detect {|issue| !issue.project.is_public?}
+ # Anonymous user should not see issues without permission
+ Role.anonymous.remove_permission!(:view_issues)
+ issues = Issue.visible(User.anonymous).all
+ assert issues.empty?
+ end
+
+ def test_visible_scope_for_user
+ user = User.find(9)
+ assert user.projects.empty?
+ # Non member user should see issues of public projects only
+ issues = Issue.visible(user).all
+ assert issues.any?
+ assert_nil issues.detect {|issue| !issue.project.is_public?}
+ # Non member user should not see issues without permission
+ Role.non_member.remove_permission!(:view_issues)
+ user.reload
+ issues = Issue.visible(user).all
+ assert issues.empty?
+ # User should see issues of projects for which he has view_issues permissions only
+ Member.create!(:principal => user, :project_id => 2, :role_ids => [1])
+ user.reload
+ issues = Issue.visible(user).all
+ assert issues.any?
+ assert_nil issues.detect {|issue| issue.project_id != 2}
+ end
+
+ def test_visible_scope_for_admin
+ user = User.find(1)
+ user.members.each(&:destroy)
+ assert user.projects.empty?
+ issues = Issue.visible(user).all
+ assert issues.any?
+ # Admin should see issues on private projects that he does not belong to
+ assert issues.detect {|issue| !issue.project.is_public?}
+ end
+
def test_errors_full_messages_should_include_custom_fields_errors
field = IssueCustomField.find_by_name('Database')
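Review bot: test_visible_scope_for_user exercises membership only in the granting direction: the `Member.create!` step uses `:role_ids => [1]` and asserts that issues from project 2 appear, but nothing checks that a member whose role lacks `:view_issues` sees nothing there. A visible scope that granted access on membership alone would still pass all three tests. After the last assertion, consider adding `Role.find(1).remove_permission!(:view_issues)`, `user.reload` and `assert Issue.visible(user).all.empty?`, which presumably should hold if fixture role 1 is the user's only role in that project. A one-line comment saying what fixture user 9, project 2 and role 1 represent (non-member user, presumably a private project, a role carrying view_issues) would make the intent checkable without opening the fixtures.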