summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorJean-Philippe Lang <jp_lang@yahoo.fr>2009-01-31 13:22:29 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2009-01-31 13:22:29 +0000
commitf021c856c19ab4a30a77de6a39239ee437712fa5 (patch)
tree12e0345c3f77f5d93e256bc2ad404f76c3a3f4fd /test
parent2679150ed45b6be974534f410e61416576ca0bd3 (diff)
downloadredmine-f021c856c19ab4a30a77de6a39239ee437712fa5.tar.gz
redmine-f021c856c19ab4a30a77de6a39239ee437712fa5.zip
Fixed: issue details view discloses relations to issues that the user is not allowed to view (#2589).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2343 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test')
-rw-r--r--test/functional/issues_controller_test.rb15
1 files changed, 15 insertions, 0 deletions
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 1097ca5d1..cc1c77408 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -324,6 +324,21 @@ class IssuesControllerTest < Test::Unit::TestCase
:content => /Notes/ } }
end
+ def test_show_should_not_disclose_relations_to_invisible_issues
+ Setting.cross_project_issue_relations = '1'
+ IssueRelation.create!(:issue_from => Issue.find(1), :issue_to => Issue.find(2), :relation_type => 'relates')
+ # Relation to a private project issue
+ IssueRelation.create!(:issue_from => Issue.find(1), :issue_to => Issue.find(4), :relation_type => 'relates')
+
+ get :show, :id => 1
+ assert_response :success
+
+ assert_tag :div, :attributes => { :id => 'relations' },
+ :descendant => { :tag => 'a', :content => /#2$/ }
+ assert_no_tag :div, :attributes => { :id => 'relations' },
+ :descendant => { :tag => 'a', :content => /#4$/ }
+ end
+
def test_new_routing
assert_routing(
{:method => :get, :path => '/projects/1/issues/new'},