-rw-r--r--app/models/project.rb6
-rw-r--r--test/unit/issue_test.rb9
2 files changed, 14 insertions, 1 deletions
diff --git a/app/models/project.rb b/app/models/project.rb
index 7c4ac3516..4a54b2210 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -188,7 +188,11 @@ class Project < ActiveRecord::Base
unless options[:member]
role = user.builtin_role
if role.allowed_to?(permission)
- statement_by_role[role] = "#{Project.table_name}.is_public = #{connection.quoted_true}"
+ s = "#{Project.table_name}.is_public = #{connection.quoted_true}"
+ if user.id
+ s = "(#{s} AND #{Project.table_name}.id NOT IN (SELECT project_id FROM #{Member.table_name} WHERE user_id = #{user.id}))"
+ end
+ statement_by_role[role] = s
end
end
user.projects_by_role.each do |role, projects|
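Review bot: The `NOT IN (SELECT project_id FROM ...)` clause added to `s` encodes an authorization rule that the code never states: in projects where the user is a member, visibility must come from the member roles, not from the builtin non-member role. I would put a comment above `if user.id`, for example `# Members are governed by their member roles only; exclude their projects from the non-member grant`. `user.id` is interpolated straight into the SQL string; it is presumably always an integer primary key, but `user.id.to_i` would make that explicit at the point of use. It is also worth confirming that `project_id` in the members table cannot be NULL, because a NULL in a `NOT IN` subquery makes the predicate match no rows at all. The enclosing method starts and ends outside this hunk.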
diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb
index bf4d49492..9a8afd66d 100644
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -310,6 +310,15 @@ class IssueTest < ActiveSupport::TestCase
assert_visibility_match user, issues
end
+ def test_visible_scope_for_member_without_view_issues_permission_and_non_member_role_having_the_permission
+ Role.non_member.add_permission!(:view_issues)
+ Role.find(1).remove_permission!(:view_issues)
+ user = User.find(2)
+
+ assert_equal 0, Issue.where(:project_id => 1).visible(user).count
+ assert_equal false, Issue.where(:project_id => 1).first.visible?(user)
+ end
+
def test_visible_scope_for_member_with_groups_should_return_assigned_issues
user = User.find(8)
assert user.groups.any?
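Review bot: The added test only pins the denied side of the rule (project 1, where user 2 is presumably a member through role 1). Nothing asserts that the non-member grant still applies to public projects the user does not belong to. A companion assertion on a public fixture project where user 2 has no membership would guard against the new exclusion becoming too broad. The fixture relationship is also implicit, so a comment such as `# user 2 is a member of project 1 via role 1 (assumed from fixtures)` would help. Finally, `Issue.where(:project_id => 1).first.visible?(user)` raises NoMethodError instead of failing cleanly if the fixture has no issue, so an `assert_not_nil` on the issue first would be clearer.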