diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-09-19 21:48:33 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-09-19 21:48:33 +0000 |
| commit | 59d8ae61ef731351ca54a19bd9868b0b1e862c66 (patch) | |
| tree | 7bb419ebf78530574c4bf77e5afbf3f72950b6b5 /test | |
| parent | fa2fe3e1e852f90a6f5e91fbcda6ab666db0a2df (diff) | |
| download | redmine-59d8ae61ef731351ca54a19bd9868b0b1e862c66.tar.gz redmine-59d8ae61ef731351ca54a19bd9868b0b1e862c66.zip | |
Anonymous users should not see private issues with anonymous author (#11872).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@10433 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test')
| -rw-r--r-- | test/unit/issue_test.rb | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb index 05224701d..fc08313bc 100644 --- a/test/unit/issue_test.rb +++ b/test/unit/issue_test.rb @@ -25,7 +25,7 @@ class IssueTest < ActiveSupport::TestCase :versions, :issue_statuses, :issue_categories, :issue_relations, :workflows, :enumerations, - :issues, + :issues, :journals, :journal_details, :custom_fields, :custom_fields_projects, :custom_fields_trackers, :custom_values, :time_entries @@ -105,18 +105,6 @@ class IssueTest < ActiveSupport::TestCase assert_visibility_match User.anonymous, issues end - def test_visible_scope_for_anonymous_with_own_issues_visibility - Role.anonymous.update_attribute :issues_visibility, 'own' - Issue.create!(:project_id => 1, :tracker_id => 1, - :author_id => User.anonymous.id, - :subject => 'Issue by anonymous') - - issues = Issue.visible(User.anonymous).all - assert issues.any? - assert_nil issues.detect {|issue| issue.author != User.anonymous} - assert_visibility_match User.anonymous, issues - end - def test_visible_scope_for_anonymous_without_view_issues_permissions # Anonymous user should not see issues without permission Role.anonymous.remove_permission!(:view_issues) @@ -125,6 +113,20 @@ class IssueTest < ActiveSupport::TestCase assert_visibility_match User.anonymous, issues end + def test_anonymous_should_not_see_private_issues_with_issues_visibility_set_to_default + assert Role.anonymous.update_attribute(:issues_visibility, 'default') + issue = Issue.generate_for_project!(Project.find(1), :author => User.anonymous, :assigned_to => User.anonymous, :is_private => true) + assert_nil Issue.where(:id => issue.id).visible(User.anonymous).first + assert !issue.visible?(User.anonymous) + end + + def test_anonymous_should_not_see_private_issues_with_issues_visibility_set_to_own + assert Role.anonymous.update_attribute(:issues_visibility, 'own') + issue = Issue.generate_for_project!(Project.find(1), :author => User.anonymous, :assigned_to => User.anonymous, :is_private => true) + assert_nil Issue.where(:id => issue.id).visible(User.anonymous).first + assert !issue.visible?(User.anonymous) + end + def test_visible_scope_for_non_member user = User.find(9) assert user.projects.empty? |