diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2011-04-11 17:53:15 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2011-04-11 17:53:15 +0000 |
| commit | aa0d01b3d9f5ae5634eda73e1becd75cc4668f3e (patch) | |
| tree | 8a2a59ba70b18777cf35940ff01b961709405893 /test | |
| parent | 5fd891aa72243e7fff19a05d080c921ae420eeeb (diff) | |
| download | redmine-aa0d01b3d9f5ae5634eda73e1becd75cc4668f3e.tar.gz redmine-aa0d01b3d9f5ae5634eda73e1becd75cc4668f3e.zip | |
Adds an issues visibility level on roles (#7412).
It can be set so that users only see their own issues (created or assigned).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5416 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test')
| -rw-r--r-- | test/fixtures/roles.yml | 5 | ||||
| -rw-r--r-- | test/unit/issue_test.rb | 48 |
2 files changed, 50 insertions, 3 deletions
diff --git a/test/fixtures/roles.yml b/test/fixtures/roles.yml index 979cc3211..7491f2f07 100644 --- a/test/fixtures/roles.yml +++ b/test/fixtures/roles.yml @@ -3,6 +3,7 @@ roles_001: name: Manager id: 1 builtin: 0 + issues_visibility: default permissions: | --- - :add_project @@ -58,6 +59,7 @@ roles_002: name: Developer id: 2 builtin: 0 + issues_visibility: default permissions: | --- - :edit_project @@ -102,6 +104,7 @@ roles_003: name: Reporter id: 3 builtin: 0 + issues_visibility: default permissions: | --- - :edit_project @@ -140,6 +143,7 @@ roles_004: name: Non member id: 4 builtin: 1 + issues_visibility: default permissions: | --- - :view_issues @@ -170,6 +174,7 @@ roles_005: name: Anonymous id: 5 builtin: 2 + issues_visibility: default permissions: | --- - :view_issues diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb index d12eb2205..104933089 100644 --- a/test/unit/issue_test.rb +++ b/test/unit/issue_test.rb @@ -65,35 +65,76 @@ class IssueTest < ActiveSupport::TestCase assert_equal 'PostgreSQL', issue.custom_value_for(field).value end + def assert_visibility_match(user, issues) + assert_equal issues.collect(&:id).sort, Issue.all.select {|issue| issue.visible?(user)}.collect(&:id).sort + end + def test_visible_scope_for_anonymous # Anonymous user should see issues of public projects only issues = Issue.visible(User.anonymous).all assert issues.any? assert_nil issues.detect {|issue| !issue.project.is_public?} + assert_visibility_match User.anonymous, issues + end + + def test_visible_scope_for_anonymous_with_own_issues_visibility + Role.anonymous.update_attribute :issues_visibility, 'own' + Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => User.anonymous.id, :subject => 'Issue by anonymous') + + issues = Issue.visible(User.anonymous).all + assert issues.any? + assert_nil issues.detect {|issue| issue.author != User.anonymous} + assert_visibility_match User.anonymous, issues + end + + def test_visible_scope_for_anonymous_without_view_issues_permissions # Anonymous user should not see issues without permission Role.anonymous.remove_permission!(:view_issues) issues = Issue.visible(User.anonymous).all assert issues.empty? + assert_visibility_match User.anonymous, issues end - def test_visible_scope_for_user + def test_visible_scope_for_non_member user = User.find(9) assert user.projects.empty? # Non member user should see issues of public projects only issues = Issue.visible(user).all assert issues.any? assert_nil issues.detect {|issue| !issue.project.is_public?} + assert_visibility_match user, issues + end + + def test_visible_scope_for_non_member_with_own_issues_visibility + Role.non_member.update_attribute :issues_visibility, 'own' + Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 9, :subject => 'Issue by non member') + user = User.find(9) + + issues = Issue.visible(user).all + assert issues.any? + assert_nil issues.detect {|issue| issue.author != user} + assert_visibility_match user, issues + end + + def test_visible_scope_for_non_member_without_view_issues_permissions # Non member user should not see issues without permission Role.non_member.remove_permission!(:view_issues) - user.reload + user = User.find(9) + assert user.projects.empty? issues = Issue.visible(user).all assert issues.empty? + assert_visibility_match user, issues + end + + def test_visible_scope_for_member + user = User.find(9) # User should see issues of projects for which he has view_issues permissions only + Role.non_member.remove_permission!(:view_issues) Member.create!(:principal => user, :project_id => 2, :role_ids => [1]) - user.reload issues = Issue.visible(user).all assert issues.any? assert_nil issues.detect {|issue| issue.project_id != 2} + assert_visibility_match user, issues end def test_visible_scope_for_admin @@ -104,6 +145,7 @@ class IssueTest < ActiveSupport::TestCase assert issues.any? # Admin should see issues on private projects that he does not belong to assert issues.detect {|issue| !issue.project.is_public?} + assert_visibility_match user, issues end def test_visible_scope_with_project |