summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--app/models/issue_query.rb4
-rw-r--r--test/unit/query_test.rb41
2 files changed, 41 insertions, 4 deletions
diff --git a/app/models/issue_query.rb b/app/models/issue_query.rb
index bede78575..d368dbe17 100644
--- a/app/models/issue_query.rb
+++ b/app/models/issue_query.rb
@@ -521,7 +521,9 @@ class IssueQuery < Query
def sql_for_watcher_id_field(field, operator, value)
db_table = Watcher.table_name
- me, others = value.partition {|id| ['0', User.current.id.to_s].include?(id)}
+ me_ids = [0, User.current.id]
+ me_ids = me_ids.concat(User.current.groups.pluck(:id))
+ me, others = value.partition {|id| me_ids.include?(id.to_i)}
sql =
if others.any?
"SELECT #{Issue.table_name}.id FROM #{Issue.table_name} " +
diff --git a/test/unit/query_test.rb b/test/unit/query_test.rb
index 1b687ed2b..c8ba72cad 100644
--- a/test/unit/query_test.rb
+++ b/test/unit/query_test.rb
@@ -1376,7 +1376,7 @@ class QueryTest < ActiveSupport::TestCase
assert_equal Project.where(parent_id: bookmarks).ids, result.map(&:id).sort
end
- def test_filter_watched_issues
+ def test_filter_watched_issues_by_user
User.current = User.find(1)
query =
IssueQuery.new(
@@ -1384,7 +1384,7 @@ class QueryTest < ActiveSupport::TestCase
:filters => {
'watcher_id' => {
:operator => '=',
- :values => ['me']
+ :values => [User.current.id]
}
}
)
@@ -1394,13 +1394,17 @@ class QueryTest < ActiveSupport::TestCase
assert_equal Issue.visible.watched_by(User.current).sort_by(&:id), result.sort_by(&:id)
end
- def test_filter_watched_issues_with_groups_also
+ def test_filter_watched_issues_by_me_should_include_user_groups
user = User.find(2)
group = Group.find(10)
group.users << user
Issue.find(3).add_watcher(user)
Issue.find(7).add_watcher(group)
+ manager = Role.find(1)
+ # view_issue_watchers permission is not required to see watched issues by current user or user groups
+ manager.remove_permission! :view_issue_watchers
User.current = user
+
query =
IssueQuery.new(
:name => '_',
@@ -1412,11 +1416,42 @@ class QueryTest < ActiveSupport::TestCase
}
)
result = find_issues_with_query(query)
+
assert_not_nil result
assert !result.empty?
assert_equal [3, 7], result.sort_by(&:id).pluck(:id)
end
+ def test_filter_watched_issues_by_group_should_include_only_projects_with_permission
+ user = User.find(2)
+ group = Group.find(10)
+
+ Issue.find(4).add_watcher(group)
+ Issue.find(2).add_watcher(group)
+
+ developer = Role.find(2)
+ developer.remove_permission! :view_issue_watchers
+
+ User.current = user
+
+ query =
+ IssueQuery.new(
+ :name => '_',
+ :filters => {
+ 'watcher_id' => {
+ :operator => '=',
+ :values => [group.id]
+ }
+ }
+ )
+ result = find_issues_with_query(query)
+
+ assert_not_nil result
+
+ # "Developer" role doesn't have the view_issue_watchers permission of issue's #4 project (OnlineStore).
+ assert_equal [2], result.pluck(:id)
+ end
+
def test_filter_unwatched_issues
User.current = User.find(1)
query =