summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorJean-Philippe Lang <jp_lang@yahoo.fr>2013-07-13 09:20:11 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2013-07-13 09:20:11 +0000
commit628d05629b734371d3e850a95dadf0be30c5ef20 (patch)
tree58a9da4e8266ee45a0800996f9228e9d2a45108c /test
parenta74d55edd99a4bae23e7d9cbd76136ffa7707ccf (diff)
downloadredmine-628d05629b734371d3e850a95dadf0be30c5ef20.tar.gz
redmine-628d05629b734371d3e850a95dadf0be30c5ef20.zip
Role-based issue custom field visibility (#5037).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@12012 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test')
-rw-r--r--test/functional/issues_custom_fields_visibility_test.rb322
-rw-r--r--test/functional/search_custom_fields_visibility_test.rb78
-rw-r--r--test/functional/timelog_custom_fields_visibility_test.rb113
-rw-r--r--test/functional/workflows_controller_test.rb17
-rw-r--r--test/test_helper.rb16
-rw-r--r--test/unit/custom_field_test.rb38
-rw-r--r--test/unit/issue_custom_field_test.rb42
-rw-r--r--test/unit/lib/redmine/hook_test.rb4
-rw-r--r--test/unit/mailer_test.rb62
-rw-r--r--test/unit/query_test.rb22
10 files changed, 674 insertions, 40 deletions
diff --git a/test/functional/issues_custom_fields_visibility_test.rb b/test/functional/issues_custom_fields_visibility_test.rb
new file mode 100644
index 000000000..dfe6e0794
--- /dev/null
+++ b/test/functional/issues_custom_fields_visibility_test.rb
@@ -0,0 +1,322 @@
+# Redmine - project management software
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+require File.expand_path('../../test_helper', __FILE__)
+
+class IssuesCustomFieldsVisibilityTest < ActionController::TestCase
+ tests IssuesController
+ fixtures :projects,
+ :users,
+ :roles,
+ :members,
+ :member_roles,
+ :issue_statuses,
+ :trackers,
+ :projects_trackers,
+ :enabled_modules,
+ :enumerations,
+ :workflows
+
+ def setup
+ CustomField.delete_all
+ Issue.delete_all
+ field_attributes = {:field_format => 'string', :is_for_all => true, :is_filter => true, :trackers => Tracker.all}
+ @fields = []
+ @fields << (@field1 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 1', :visible => true)))
+ @fields << (@field2 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 2', :visible => false, :role_ids => [1, 2])))
+ @fields << (@field3 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 3', :visible => false, :role_ids => [1, 3])))
+ @issue = Issue.generate!(
+ :author_id => 1,
+ :project_id => 1,
+ :tracker_id => 1,
+ :custom_field_values => {@field1.id => 'Value0', @field2.id => 'Value1', @field3.id => 'Value2'}
+ )
+
+ @user_with_role_on_other_project = User.generate!
+ User.add_to_project(@user_with_role_on_other_project, Project.find(2), Role.find(3))
+
+ @users_to_test = {
+ User.find(1) => [@field1, @field2, @field3],
+ User.find(3) => [@field1, @field2],
+ @user_with_role_on_other_project => [@field1], # should see field1 only on Project 1
+ User.generate! => [@field1],
+ User.anonymous => [@field1]
+ }
+
+ Member.where(:project_id => 1).each do |member|
+ member.destroy unless @users_to_test.keys.include?(member.principal)
+ end
+ end
+
+ def test_show_should_show_visible_custom_fields_only
+ @users_to_test.each do |user, fields|
+ @request.session[:user_id] = user.id
+ get :show, :id => @issue.id
+ @fields.each_with_index do |field, i|
+ if fields.include?(field)
+ assert_select 'td', {:text => "Value#{i}", :count => 1}, "User #{user.id} was not able to view #{field.name}"
+ else
+ assert_select 'td', {:text => "Value#{i}", :count => 0}, "User #{user.id} was able to view #{field.name}"
+ end
+ end
+ end
+ end
+
+ def test_show_should_show_visible_custom_fields_only_in_api
+ @users_to_test.each do |user, fields|
+ with_settings :rest_api_enabled => '1' do
+ get :show, :id => @issue.id, :format => 'xml', :include => 'custom_fields', :key => user.api_key
+ end
+ @fields.each_with_index do |field, i|
+ if fields.include?(field)
+ assert_select "custom_field[id=#{field.id}] value", {:text => "Value#{i}", :count => 1}, "User #{user.id} was not able to view #{field.name} in API"
+ else
+ assert_select "custom_field[id=#{field.id}] value", {:text => "Value#{i}", :count => 0}, "User #{user.id} was not able to view #{field.name} in API"
+ end
+ end
+ end
+ end
+
+ def test_show_should_show_visible_custom_fields_only_in_history
+ @issue.init_journal(User.find(1))
+ @issue.custom_field_values = {@field1.id => 'NewValue0', @field2.id => 'NewValue1', @field3.id => 'NewValue2'}
+ @issue.save!
+
+ @users_to_test.each do |user, fields|
+ @request.session[:user_id] = user.id
+ get :show, :id => @issue.id
+ @fields.each_with_index do |field, i|
+ if fields.include?(field)
+ assert_select 'ul.details i', {:text => "Value#{i}", :count => 1}, "User #{user.id} was not able to view #{field.name} change"
+ else
+ assert_select 'ul.details i', {:text => "Value#{i}", :count => 0}, "User #{user.id} was able to view #{field.name} change"
+ end
+ end
+ end
+ end
+
+ def test_show_should_show_visible_custom_fields_only_in_history_api
+ @issue.init_journal(User.find(1))
+ @issue.custom_field_values = {@field1.id => 'NewValue0', @field2.id => 'NewValue1', @field3.id => 'NewValue2'}
+ @issue.save!
+
+ @users_to_test.each do |user, fields|
+ with_settings :rest_api_enabled => '1' do
+ get :show, :id => @issue.id, :format => 'xml', :include => 'journals', :key => user.api_key
+ end
+ @fields.each_with_index do |field, i|
+ if fields.include?(field)
+ assert_select 'details old_value', {:text => "Value#{i}", :count => 1}, "User #{user.id} was not able to view #{field.name} change in API"
+ else
+ assert_select 'details old_value', {:text => "Value#{i}", :count => 0}, "User #{user.id} was able to view #{field.name} change in API"
+ end
+ end
+ end
+ end
+
+ def test_edit_should_show_visible_custom_fields_only
+ Role.anonymous.add_permission! :edit_issues
+
+ @users_to_test.each do |user, fields|
+ @request.session[:user_id] = user.id
+ get :edit, :id => @issue.id
+ @fields.each_with_index do |field, i|
+ if fields.include?(field)
+ assert_select 'input[value=?]', "Value#{i}", 1, "User #{user.id} was not able to edit #{field.name}"
+ else
+ assert_select 'input[value=?]', "Value#{i}", 0, "User #{user.id} was able to edit #{field.name}"
+ end
+ end
+ end
+ end
+
+ def test_update_should_update_visible_custom_fields_only
+ Role.anonymous.add_permission! :edit_issues
+
+ @users_to_test.each do |user, fields|
+ @request.session[:user_id] = user.id
+ put :update, :id => @issue.id,
+ :issue => {:custom_field_values => {
+ @field1.id.to_s => "User#{user.id}Value0",
+ @field2.id.to_s => "User#{user.id}Value1",
+ @field3.id.to_s => "User#{user.id}Value2",
+ }}
+ @issue.reload
+ @fields.each_with_index do |field, i|
+ if fields.include?(field)
+ assert_equal "User#{user.id}Value#{i}", @issue.custom_field_value(field), "User #{user.id} was not able to update #{field.name}"
+ else
+ assert_not_equal "User#{user.id}Value#{i}", @issue.custom_field_value(field), "User #{user.id} was able to update #{field.name}"
+ end
+ end
+ end
+ end
+
+ def test_index_should_show_visible_custom_fields_only
+ @users_to_test.each do |user, fields|
+ @request.session[:user_id] = user.id
+ get :index, :c => (["subject"] + @fields.map{|f| "cf_#{f.id}"})
+ @fields.each_with_index do |field, i|
+ if fields.include?(field)
+ assert_select 'td', {:text => "Value#{i}", :count => 1}, "User #{user.id} was not able to view #{field.name}"
+ else
+ assert_select 'td', {:text => "Value#{i}", :count => 0}, "User #{user.id} was able to view #{field.name}"
+ end
+ end
+ end
+ end
+
+ def test_index_as_csv_should_show_visible_custom_fields_only
+ @users_to_test.each do |user, fields|
+ @request.session[:user_id] = user.id
+ get :index, :c => (["subject"] + @fields.map{|f| "cf_#{f.id}"}), :format => 'csv'
+ @fields.each_with_index do |field, i|
+ if fields.include?(field)
+ assert_include "Value#{i}", response.body, "User #{user.id} was not able to view #{field.name} in CSV"
+ else
+ assert_not_include "Value#{i}", response.body, "User #{user.id} was able to view #{field.name} in CSV"
+ end
+ end
+ end
+ end
+
+ def test_index_with_partial_custom_field_visibility
+ Issue.delete_all
+ p1 = Project.generate!
+ p2 = Project.generate!
+ user = User.generate!
+ User.add_to_project(user, p1, Role.find_all_by_id(1,3))
+ User.add_to_project(user, p2, Role.find_all_by_id(3))
+ Issue.generate!(:project => p1, :tracker_id => 1, :custom_field_values => {@field2.id => 'ValueA'})
+ Issue.generate!(:project => p2, :tracker_id => 1, :custom_field_values => {@field2.id => 'ValueB'})
+ Issue.generate!(:project => p1, :tracker_id => 1, :custom_field_values => {@field2.id => 'ValueC'})
+
+ @request.session[:user_id] = user.id
+ get :index, :c => ["subject", "cf_#{@field2.id}"]
+ assert_select 'td', :text => 'ValueA'
+ assert_select 'td', :text => 'ValueB', :count => 0
+ assert_select 'td', :text => 'ValueC'
+
+ get :index, :sort => "cf_#{@field2.id}"
+ # ValueB is not visible to user and ignored while sorting
+ assert_equal %w(ValueB ValueA ValueC), assigns(:issues).map{|i| i.custom_field_value(@field2)}
+
+ get :index, :set_filter => '1', "cf_#{@field2.id}" => '*'
+ assert_equal %w(ValueA ValueC), assigns(:issues).map{|i| i.custom_field_value(@field2)}
+
+ CustomField.update_all(:field_format => 'list')
+ get :index, :group => "cf_#{@field2.id}"
+ assert_equal %w(ValueA ValueC), assigns(:issues).map{|i| i.custom_field_value(@field2)}
+ end
+
+ def test_create_should_send_notifications_according_custom_fields_visibility
+ # anonymous user is never notified
+ users_to_test = @users_to_test.reject {|k,v| k.anonymous?}
+
+ ActionMailer::Base.deliveries.clear
+ @request.session[:user_id] = 1
+ with_settings :bcc_recipients => '1' do
+ assert_difference 'Issue.count' do
+ post :create,
+ :project_id => 1,
+ :issue => {
+ :tracker_id => 1,
+ :status_id => 1,
+ :subject => 'New issue',
+ :priority_id => 5,
+ :custom_field_values => {@field1.id.to_s => 'Value0', @field2.id.to_s => 'Value1', @field3.id.to_s => 'Value2'},
+ :watcher_user_ids => users_to_test.keys.map(&:id)
+ }
+ assert_response 302
+ end
+ end
+ assert_equal users_to_test.values.uniq.size, ActionMailer::Base.deliveries.size
+ # tests that each user receives 1 email with the custom fields he is allowed to see only
+ users_to_test.each do |user, fields|
+ mails = ActionMailer::Base.deliveries.select {|m| m.bcc.include? user.mail}
+ assert_equal 1, mails.size
+ mail = mails.first
+ @fields.each_with_index do |field, i|
+ if fields.include?(field)
+ assert_mail_body_match "Value#{i}", mail, "User #{user.id} was not able to view #{field.name} in notification"
+ else
+ assert_mail_body_no_match "Value#{i}", mail, "User #{user.id} was able to view #{field.name} in notification"
+ end
+ end
+ end
+ end
+
+ def test_update_should_send_notifications_according_custom_fields_visibility
+ # anonymous user is never notified
+ users_to_test = @users_to_test.reject {|k,v| k.anonymous?}
+
+ users_to_test.keys.each do |user|
+ Watcher.create!(:user => user, :watchable => @issue)
+ end
+ ActionMailer::Base.deliveries.clear
+ @request.session[:user_id] = 1
+ with_settings :bcc_recipients => '1' do
+ put :update,
+ :id => @issue.id,
+ :issue => {
+ :custom_field_values => {@field1.id.to_s => 'NewValue0', @field2.id.to_s => 'NewValue1', @field3.id.to_s => 'NewValue2'}
+ }
+ assert_response 302
+ end
+ assert_equal users_to_test.values.uniq.size, ActionMailer::Base.deliveries.size
+ # tests that each user receives 1 email with the custom fields he is allowed to see only
+ users_to_test.each do |user, fields|
+ mails = ActionMailer::Base.deliveries.select {|m| m.bcc.include? user.mail}
+ assert_equal 1, mails.size
+ mail = mails.first
+ @fields.each_with_index do |field, i|
+ if fields.include?(field)
+ assert_mail_body_match "Value#{i}", mail, "User #{user.id} was not able to view #{field.name} in notification"
+ else
+ assert_mail_body_no_match "Value#{i}", mail, "User #{user.id} was able to view #{field.name} in notification"
+ end
+ end
+ end
+ end
+
+ def test_updating_hidden_custom_fields_only_should_not_notifiy_user
+ # anonymous user is never notified
+ users_to_test = @users_to_test.reject {|k,v| k.anonymous?}
+
+ users_to_test.keys.each do |user|
+ Watcher.create!(:user => user, :watchable => @issue)
+ end
+ ActionMailer::Base.deliveries.clear
+ @request.session[:user_id] = 1
+ with_settings :bcc_recipients => '1' do
+ put :update,
+ :id => @issue.id,
+ :issue => {
+ :custom_field_values => {@field2.id.to_s => 'NewValue1', @field3.id.to_s => 'NewValue2'}
+ }
+ assert_response 302
+ end
+ users_to_test.each do |user, fields|
+ mails = ActionMailer::Base.deliveries.select {|m| m.bcc.include? user.mail}
+ if (fields & [@field2, @field3]).any?
+ assert_equal 1, mails.size, "User #{user.id} was not notified"
+ else
+ assert_equal 0, mails.size, "User #{user.id} was notified"
+ end
+ end
+ end
+end
diff --git a/test/functional/search_custom_fields_visibility_test.rb b/test/functional/search_custom_fields_visibility_test.rb
new file mode 100644
index 000000000..9b88aec62
--- /dev/null
+++ b/test/functional/search_custom_fields_visibility_test.rb
@@ -0,0 +1,78 @@
+# Redmine - project management software
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+require File.expand_path('../../test_helper', __FILE__)
+
+class SearchCustomFieldsVisibilityTest < ActionController::TestCase
+ tests SearchController
+ fixtures :projects,
+ :users,
+ :roles,
+ :members,
+ :member_roles,
+ :issue_statuses,
+ :trackers,
+ :projects_trackers,
+ :enabled_modules,
+ :enumerations,
+ :workflows
+
+ def setup
+ field_attributes = {:field_format => 'string', :is_for_all => true, :is_filter => true, :searchable => true, :trackers => Tracker.all}
+ @fields = []
+ @fields << (@field1 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 1', :visible => true)))
+ @fields << (@field2 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 2', :visible => false, :role_ids => [1, 2])))
+ @fields << (@field3 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 3', :visible => false, :role_ids => [1, 3])))
+ @issue = Issue.generate!(
+ :author_id => 1,
+ :project_id => 1,
+ :tracker_id => 1,
+ :custom_field_values => {@field1.id => 'Value0', @field2.id => 'Value1', @field3.id => 'Value2'}
+ )
+
+ @user_with_role_on_other_project = User.generate!
+ User.add_to_project(@user_with_role_on_other_project, Project.find(2), Role.find(3))
+
+ @users_to_test = {
+ User.find(1) => [@field1, @field2, @field3],
+ User.find(3) => [@field1, @field2],
+ @user_with_role_on_other_project => [@field1], # should see field1 only on Project 1
+ User.generate! => [@field1],
+ User.anonymous => [@field1]
+ }
+
+ Member.where(:project_id => 1).each do |member|
+ member.destroy unless @users_to_test.keys.include?(member.principal)
+ end
+ end
+
+ def test_search_should_search_visible_custom_fields_only
+ @users_to_test.each do |user, fields|
+ @request.session[:user_id] = user.id
+ @fields.each_with_index do |field, i|
+ get :index, :q => "value#{i}"
+ assert_response :success
+ # we should get a result only if the custom field is visible
+ if fields.include?(field)
+ assert_equal 1, assigns(:results).size
+ else
+ assert_equal 0, assigns(:results).size
+ end
+ end
+ end
+ end
+end
diff --git a/test/functional/timelog_custom_fields_visibility_test.rb b/test/functional/timelog_custom_fields_visibility_test.rb
new file mode 100644
index 000000000..c90eadc06
--- /dev/null
+++ b/test/functional/timelog_custom_fields_visibility_test.rb
@@ -0,0 +1,113 @@
+# Redmine - project management software
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+require File.expand_path('../../test_helper', __FILE__)
+
+class TimelogCustomFieldsVisibilityTest < ActionController::TestCase
+ tests TimelogController
+ fixtures :projects,
+ :users,
+ :roles,
+ :members,
+ :member_roles,
+ :issue_statuses,
+ :trackers,
+ :projects_trackers,
+ :enabled_modules,
+ :enumerations,
+ :workflows
+
+ def setup
+ field_attributes = {:field_format => 'string', :is_for_all => true, :is_filter => true, :trackers => Tracker.all}
+ @fields = []
+ @fields << (@field1 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 1', :visible => true)))
+ @fields << (@field2 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 2', :visible => false, :role_ids => [1, 2])))
+ @fields << (@field3 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 3', :visible => false, :role_ids => [1, 3])))
+ @issue = Issue.generate!(
+ :author_id => 1,
+ :project_id => 1,
+ :tracker_id => 1,
+ :custom_field_values => {@field1.id => 'Value0', @field2.id => 'Value1', @field3.id => 'Value2'}
+ )
+ TimeEntry.generate!(:issue => @issue)
+
+ @user_with_role_on_other_project = User.generate!
+ User.add_to_project(@user_with_role_on_other_project, Project.find(2), Role.find(3))
+
+ @users_to_test = {
+ User.find(1) => [@field1, @field2, @field3],
+ User.find(3) => [@field1, @field2],
+ @user_with_role_on_other_project => [@field1], # should see field1 only on Project 1
+ User.generate! => [@field1],
+ User.anonymous => [@field1]
+ }
+
+ Member.where(:project_id => 1).each do |member|
+ member.destroy unless @users_to_test.keys.include?(member.principal)
+ end
+ end
+
+ def test_index_should_show_visible_custom_fields_only
+ @users_to_test.each do |user, fields|
+ @request.session[:user_id] = user.id
+ get :index, :project_id => 1, :issue_id => @issue.id, :c => (['hours'] + @fields.map{|f| "issue.cf_#{f.id}"})
+ @fields.each_with_index do |field, i|
+ if fields.include?(field)
+ assert_select 'td', {:text => "Value#{i}", :count => 1}, "User #{user.id} was not able to view #{field.name}"
+ else
+ assert_select 'td', {:text => "Value#{i}", :count => 0}, "User #{user.id} was able to view #{field.name}"
+ end
+ end
+ end
+ end
+
+ def test_index_as_csv_should_show_visible_custom_fields_only
+ @users_to_test.each do |user, fields|
+ @request.session[:user_id] = user.id
+ get :index, :project_id => 1, :issue_id => @issue.id, :c => (['hours'] + @fields.map{|f| "issue.cf_#{f.id}"}), :format => 'csv'
+ @fields.each_with_index do |field, i|
+ if fields.include?(field)
+ assert_include "Value#{i}", response.body, "User #{user.id} was not able to view #{field.name} in CSV"
+ else
+ assert_not_include "Value#{i}", response.body, "User #{user.id} was able to view #{field.name} in CSV"
+ end
+ end
+ end
+ end
+
+ def test_index_with_partial_custom_field_visibility_should_show_visible_custom_fields_only
+ Issue.delete_all
+ TimeEntry.delete_all
+ p1 = Project.generate!
+ p2 = Project.generate!
+ user = User.generate!
+ User.add_to_project(user, p1, Role.find_all_by_id(1,3))
+ User.add_to_project(user, p2, Role.find_all_by_id(3))
+ TimeEntry.generate!(:issue => Issue.generate!(:project => p1, :tracker_id => 1, :custom_field_values => {@field2.id => 'ValueA'}))
+ TimeEntry.generate!(:issue => Issue.generate!(:project => p2, :tracker_id => 1, :custom_field_values => {@field2.id => 'ValueB'}))
+ TimeEntry.generate!(:issue => Issue.generate!(:project => p1, :tracker_id => 1, :custom_field_values => {@field2.id => 'ValueC'}))
+
+ @request.session[:user_id] = user.id
+ get :index, :c => ["hours", "issue.cf_#{@field2.id}"]
+ assert_select 'td', :text => 'ValueA'
+ assert_select 'td', :text => 'ValueB', :count => 0
+ assert_select 'td', :text => 'ValueC'
+
+ get :index, :set_filter => '1', "issue.cf_#{@field2.id}" => '*'
+ assert_equal %w(ValueA ValueC), assigns(:entries).map{|i| i.issue.custom_field_value(@field2)}.sort
+ end
+end
diff --git a/test/functional/workflows_controller_test.rb b/test/functional/workflows_controller_test.rb
index f5bf3910b..001cb1a4e 100644
--- a/test/functional/workflows_controller_test.rb
+++ b/test/functional/workflows_controller_test.rb
@@ -200,6 +200,23 @@ class WorkflowsControllerTest < ActionController::TestCase
end
end
+ def test_get_permissions_should_disable_hidden_custom_fields
+ cf1 = IssueCustomField.generate!(:tracker_ids => [1], :visible => true)
+ cf2 = IssueCustomField.generate!(:tracker_ids => [1], :visible => false, :role_ids => [1])
+ cf3 = IssueCustomField.generate!(:tracker_ids => [1], :visible => false, :role_ids => [1, 2])
+
+ get :permissions, :role_id => 2, :tracker_id => 1
+ assert_response :success
+ assert_template 'permissions'
+
+ assert_select 'select[name=?]:not(.disabled)', "permissions[#{cf1.id}][1]"
+ assert_select 'select[name=?]:not(.disabled)', "permissions[#{cf3.id}][1]"
+
+ assert_select 'select[name=?][disabled=disabled]', "permissions[#{cf2.id}][1]" do
+ assert_select 'option[value=][selected=selected]', :text => 'Hidden'
+ end
+ end
+
def test_get_permissions_with_role_and_tracker_and_all_statuses
WorkflowTransition.delete_all
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 39826bc2d..725b1f596 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -169,8 +169,8 @@ class ActiveSupport::TestCase
assert s.include?(expected), (message || "\"#{expected}\" not found in \"#{s}\"")
end
- def assert_not_include(expected, s)
- assert !s.include?(expected), "\"#{expected}\" found in \"#{s}\""
+ def assert_not_include(expected, s, message=nil)
+ assert !s.include?(expected), (message || "\"#{expected}\" found in \"#{s}\"")
end
def assert_select_in(text, *args, &block)
@@ -178,19 +178,19 @@ class ActiveSupport::TestCase
assert_select(d, *args, &block)
end
- def assert_mail_body_match(expected, mail)
+ def assert_mail_body_match(expected, mail, message=nil)
if expected.is_a?(String)
- assert_include expected, mail_body(mail)
+ assert_include expected, mail_body(mail), message
else
- assert_match expected, mail_body(mail)
+ assert_match expected, mail_body(mail), message
end
end
- def assert_mail_body_no_match(expected, mail)
+ def assert_mail_body_no_match(expected, mail, message=nil)
if expected.is_a?(String)
- assert_not_include expected, mail_body(mail)
+ assert_not_include expected, mail_body(mail), message
else
- assert_no_match expected, mail_body(mail)
+ assert_no_match expected, mail_body(mail), message
end
end
diff --git a/test/unit/custom_field_test.rb b/test/unit/custom_field_test.rb
index 17a0041c0..051853abc 100644
--- a/test/unit/custom_field_test.rb
+++ b/test/unit/custom_field_test.rb
@@ -241,4 +241,42 @@ class CustomFieldTest < ActiveSupport::TestCase
field = CustomField.find(1)
assert_equal 'PostgreSQL', field.value_from_keyword('postgresql', Issue.find(1))
end
+
+ def test_visibile_scope_with_admin_should_return_all_custom_fields
+ CustomField.delete_all
+ fields = [
+ CustomField.generate!(:visible => true),
+ CustomField.generate!(:visible => false),
+ CustomField.generate!(:visible => false, :role_ids => [1, 3]),
+ CustomField.generate!(:visible => false, :role_ids => [1, 2]),
+ ]
+
+ assert_equal 4, CustomField.visible(User.find(1)).count
+ end
+
+ def test_visibile_scope_with_non_admin_user_should_return_visible_custom_fields
+ CustomField.delete_all
+ fields = [
+ CustomField.generate!(:visible => true),
+ CustomField.generate!(:visible => false),
+ CustomField.generate!(:visible => false, :role_ids => [1, 3]),
+ CustomField.generate!(:visible => false, :role_ids => [1, 2]),
+ ]
+ user = User.generate!
+ User.add_to_project(user, Project.first, Role.find(3))
+
+ assert_equal [fields[0], fields[2]], CustomField.visible(user).order("id").to_a
+ end
+
+ def test_visibile_scope_with_anonymous_user_should_return_visible_custom_fields
+ CustomField.delete_all
+ fields = [
+ CustomField.generate!(:visible => true),
+ CustomField.generate!(:visible => false),
+ CustomField.generate!(:visible => false, :role_ids => [1, 3]),
+ CustomField.generate!(:visible => false, :role_ids => [1, 2]),
+ ]
+
+ assert_equal [fields[0]], CustomField.visible(User.anonymous).order("id").to_a
+ end
end
diff --git a/test/unit/issue_custom_field_test.rb b/test/unit/issue_custom_field_test.rb
new file mode 100644
index 000000000..26cc84467
--- /dev/null
+++ b/test/unit/issue_custom_field_test.rb
@@ -0,0 +1,42 @@
+# Redmine - project management software
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+require File.expand_path('../../test_helper', __FILE__)
+
+class IssueCustomFieldTest < ActiveSupport::TestCase
+ include Redmine::I18n
+
+ fixtures :roles
+
+ def test_custom_field_with_visible_set_to_false_should_validate_roles
+ set_language_if_valid 'en'
+ field = IssueCustomField.new(:name => 'Field', :field_format => 'string', :visible => false)
+ assert !field.save
+ assert_include "Roles can't be blank", field.errors.full_messages
+ field.role_ids = [1, 2]
+ assert field.save
+ end
+
+ def test_changing_visible_to_true_should_clear_roles
+ field = IssueCustomField.create!(:name => 'Field', :field_format => 'string', :visible => false, :role_ids => [1, 2])
+ assert_equal 2, field.roles.count
+
+ field.visible = true
+ field.save!
+ assert_equal 0, field.roles.count
+ end
+end
diff --git a/test/unit/lib/redmine/hook_test.rb b/test/unit/lib/redmine/hook_test.rb
index 9f81b912d..f5ee1179f 100644
--- a/test/unit/lib/redmine/hook_test.rb
+++ b/test/unit/lib/redmine/hook_test.rb
@@ -154,14 +154,14 @@ class Redmine::Hook::ManagerTest < ActionView::TestCase
issue = Issue.find(1)
ActionMailer::Base.deliveries.clear
- Mailer.issue_add(issue).deliver
+ Mailer.deliver_issue_add(issue)
mail = ActionMailer::Base.deliveries.last
@hook_module.add_listener(TestLinkToHook)
hook_helper.call_hook(:view_layouts_base_html_head)
ActionMailer::Base.deliveries.clear
- Mailer.issue_add(issue).deliver
+ Mailer.deliver_issue_add(issue)
mail2 = ActionMailer::Base.deliveries.last
assert_equal mail_body(mail), mail_body(mail2)
diff --git a/test/unit/mailer_test.rb b/test/unit/mailer_test.rb
index c4891678f..93f4567d3 100644
--- a/test/unit/mailer_test.rb
+++ b/test/unit/mailer_test.rb
@@ -42,7 +42,7 @@ class MailerTest < ActiveSupport::TestCase
Setting.protocol = 'https'
journal = Journal.find(3)
- assert Mailer.issue_edit(journal).deliver
+ assert Mailer.deliver_issue_edit(journal)
mail = last_email
assert_not_nil mail
@@ -81,7 +81,7 @@ class MailerTest < ActiveSupport::TestCase
Setting.protocol = 'http'
journal = Journal.find(3)
- assert Mailer.issue_edit(journal).deliver
+ assert Mailer.deliver_issue_edit(journal)
mail = last_email
assert_not_nil mail
@@ -121,7 +121,7 @@ class MailerTest < ActiveSupport::TestCase
Redmine::Utils.relative_url_root = nil
journal = Journal.find(3)
- assert Mailer.issue_edit(journal).deliver
+ assert Mailer.deliver_issue_edit(journal)
mail = last_email
assert_not_nil mail
@@ -158,7 +158,7 @@ class MailerTest < ActiveSupport::TestCase
def test_email_headers
issue = Issue.find(1)
- Mailer.issue_add(issue).deliver
+ Mailer.deliver_issue_add(issue)
mail = last_email
assert_not_nil mail
assert_equal 'OOF', mail.header['X-Auto-Response-Suppress'].to_s
@@ -168,7 +168,7 @@ class MailerTest < ActiveSupport::TestCase
def test_email_headers_should_include_sender
issue = Issue.find(1)
- Mailer.issue_add(issue).deliver
+ Mailer.deliver_issue_add(issue)
mail = last_email
assert_equal issue.author.login, mail.header['X-Redmine-Sender'].to_s
end
@@ -176,7 +176,7 @@ class MailerTest < ActiveSupport::TestCase
def test_plain_text_mail
Setting.plain_text_mail = 1
journal = Journal.find(2)
- Mailer.issue_edit(journal).deliver
+ Mailer.deliver_issue_edit(journal)
mail = last_email
assert_equal "text/plain; charset=UTF-8", mail.content_type
assert_equal 0, mail.parts.size
@@ -186,7 +186,7 @@ class MailerTest < ActiveSupport::TestCase
def test_html_mail
Setting.plain_text_mail = 0
journal = Journal.find(2)
- Mailer.issue_edit(journal).deliver
+ Mailer.deliver_issue_edit(journal)
mail = last_email
assert_equal 2, mail.parts.size
assert mail.encoded.include?('href')
@@ -231,19 +231,21 @@ class MailerTest < ActiveSupport::TestCase
end
def test_issue_add_message_id
- issue = Issue.find(1)
- Mailer.issue_add(issue).deliver
+ issue = Issue.find(2)
+ Mailer.deliver_issue_add(issue)
mail = last_email
- assert_equal Mailer.message_id_for(issue), mail.message_id
- assert_nil mail.references
+ assert_match /^redmine\.issue-2\.20060719190421\.[a-f0-9]+@example\.net/, mail.message_id
+ assert_include "redmine.issue-2.20060719190421@example.net", mail.references
end
def test_issue_edit_message_id
- journal = Journal.find(1)
- Mailer.issue_edit(journal).deliver
+ journal = Journal.find(3)
+ journal.issue = Issue.find(2)
+
+ Mailer.deliver_issue_edit(journal)
mail = last_email
- assert_equal Mailer.message_id_for(journal), mail.message_id
- assert_include Mailer.message_id_for(journal.issue), mail.references
+ assert_match /^redmine\.journal-3\.\d+\.[a-f0-9]+@example\.net/, mail.message_id
+ assert_include "redmine.issue-2.20060719190421@example.net", mail.references
assert_select_email do
# link to the update
assert_select "a[href=?]",
@@ -255,8 +257,8 @@ class MailerTest < ActiveSupport::TestCase
message = Message.find(1)
Mailer.message_posted(message).deliver
mail = last_email
- assert_equal Mailer.message_id_for(message), mail.message_id
- assert_nil mail.references
+ assert_match /^redmine\.message-1\.\d+\.[a-f0-9]+@example\.net/, mail.message_id
+ assert_include "redmine.message-1.20070512151532@example.net", mail.references
assert_select_email do
# link to the message
assert_select "a[href=?]",
@@ -269,8 +271,8 @@ class MailerTest < ActiveSupport::TestCase
message = Message.find(3)
Mailer.message_posted(message).deliver
mail = last_email
- assert_equal Mailer.message_id_for(message), mail.message_id
- assert_include Mailer.message_id_for(message.parent), mail.references
+ assert_match /^redmine\.message-3\.\d+\.[a-f0-9]+@example\.net/, mail.message_id
+ assert_include "redmine.message-1.20070512151532@example.net", mail.references
assert_select_email do
# link to the reply
assert_select "a[href=?]",
@@ -281,14 +283,14 @@ class MailerTest < ActiveSupport::TestCase
test "#issue_add should notify project members" do
issue = Issue.find(1)
- assert Mailer.issue_add(issue).deliver
+ assert Mailer.deliver_issue_add(issue)
assert last_email.bcc.include?('dlopper@somenet.foo')
end
test "#issue_add should not notify project members that are not allow to view the issue" do
issue = Issue.find(1)
Role.find(2).remove_permission!(:view_issues)
- assert Mailer.issue_add(issue).deliver
+ assert Mailer.deliver_issue_add(issue)
assert !last_email.bcc.include?('dlopper@somenet.foo')
end
@@ -302,7 +304,7 @@ class MailerTest < ActiveSupport::TestCase
user.save
Watcher.create!(:watchable => issue, :user => user)
- assert Mailer.issue_add(issue).deliver
+ assert Mailer.deliver_issue_add(issue)
assert last_email.bcc.include?(user.mail)
end
@@ -311,7 +313,7 @@ class MailerTest < ActiveSupport::TestCase
user = User.find(9)
Watcher.create!(:watchable => issue, :user => user)
Role.non_member.remove_permission!(:view_issues)
- assert Mailer.issue_add(issue).deliver
+ assert Mailer.deliver_issue_add(issue)
assert !last_email.bcc.include?(user.mail)
end
@@ -320,7 +322,7 @@ class MailerTest < ActiveSupport::TestCase
issue = Issue.find(1)
valid_languages.each do |lang|
Setting.default_language = lang.to_s
- assert Mailer.issue_add(issue).deliver
+ assert Mailer.deliver_issue_add(issue)
end
end
@@ -328,7 +330,7 @@ class MailerTest < ActiveSupport::TestCase
journal = Journal.find(1)
valid_languages.each do |lang|
Setting.default_language = lang.to_s
- assert Mailer.issue_edit(journal).deliver
+ assert Mailer.deliver_issue_edit(journal)
end
end
@@ -338,11 +340,11 @@ class MailerTest < ActiveSupport::TestCase
journal.save!
Role.find(2).add_permission! :view_private_notes
- Mailer.issue_edit(journal).deliver
+ Mailer.deliver_issue_edit(journal)
assert_equal %w(dlopper@somenet.foo jsmith@somenet.foo), ActionMailer::Base.deliveries.last.bcc.sort
Role.find(2).remove_permission! :view_private_notes
- Mailer.issue_edit(journal).deliver
+ Mailer.deliver_issue_edit(journal)
assert_equal %w(jsmith@somenet.foo), ActionMailer::Base.deliveries.last.bcc.sort
end
@@ -353,11 +355,11 @@ class MailerTest < ActiveSupport::TestCase
journal.save!
Role.non_member.add_permission! :view_private_notes
- Mailer.issue_edit(journal).deliver
+ Mailer.deliver_issue_edit(journal)
assert_include 'someone@foo.bar', ActionMailer::Base.deliveries.last.bcc.sort
Role.non_member.remove_permission! :view_private_notes
- Mailer.issue_edit(journal).deliver
+ Mailer.deliver_issue_edit(journal)
assert_not_include 'someone@foo.bar', ActionMailer::Base.deliveries.last.bcc.sort
end
@@ -367,7 +369,7 @@ class MailerTest < ActiveSupport::TestCase
journal.save!
with_settings :default_language => 'en' do
- Mailer.issue_edit(journal).deliver
+ Mailer.deliver_issue_edit(journal)
end
assert_mail_body_match '(Private notes)', last_email
end
diff --git a/test/unit/query_test.rb b/test/unit/query_test.rb
index 15f1cf21c..4ec430cf7 100644
--- a/test/unit/query_test.rb
+++ b/test/unit/query_test.rb
@@ -1201,6 +1201,28 @@ class QueryTest < ActiveSupport::TestCase
assert ! query.available_filters["assigned_to_role"][:values].include?(['Anonymous','5'])
end
+ def test_available_filters_should_include_custom_field_according_to_user_visibility
+ visible_field = IssueCustomField.generate!(:is_for_all => true, :is_filter => true, :visible => true)
+ hidden_field = IssueCustomField.generate!(:is_for_all => true, :is_filter => true, :visible => false, :role_ids => [1])
+
+ with_current_user User.find(3) do
+ query = IssueQuery.new
+ assert_include "cf_#{visible_field.id}", query.available_filters.keys
+ assert_not_include "cf_#{hidden_field.id}", query.available_filters.keys
+ end
+ end
+
+ def test_available_columns_should_include_custom_field_according_to_user_visibility
+ visible_field = IssueCustomField.generate!(:is_for_all => true, :is_filter => true, :visible => true)
+ hidden_field = IssueCustomField.generate!(:is_for_all => true, :is_filter => true, :visible => false, :role_ids => [1])
+
+ with_current_user User.find(3) do
+ query = IssueQuery.new
+ assert_include :"cf_#{visible_field.id}", query.available_columns.map(&:name)
+ assert_not_include :"cf_#{hidden_field.id}", query.available_columns.map(&:name)
+ end
+ end
+
context "#statement" do
context "with 'member_of_group' filter" do
setup do