summaryrefslogtreecommitdiffstats
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/controllers/context_menus_controller.rb12
-rw-r--r--app/models/issue.rb2
-rw-r--r--app/models/project.rb15
-rw-r--r--app/models/role.rb7
4 files changed, 23 insertions, 13 deletions
diff --git a/app/controllers/context_menus_controller.rb b/app/controllers/context_menus_controller.rb
index 66ec35085..dc8e72609 100644
--- a/app/controllers/context_menus_controller.rb
+++ b/app/controllers/context_menus_controller.rb
@@ -35,16 +35,8 @@ class ContextMenusController < ApplicationController
:add_watchers => User.current.allowed_to?(:add_issue_watchers, @projects),
:delete => @issues.all?(&:deletable?)
}
- if @project
- if @issue
- @assignables = @issue.assignable_users
- else
- @assignables = @project.assignable_users
- end
- else
- #when multiple projects, we only keep the intersection of each set
- @assignables = @projects.map(&:assignable_users).reduce(:&)
- end
+
+ @assignables = @issues.map(&:assignable_users).reduce(:&)
@trackers = @projects.map {|p| Issue.allowed_target_trackers(p) }.reduce(:&)
@versions = @projects.map {|p| p.shared_versions.open}.reduce(:&)
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 9cf29532a..5b6ae3041 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -854,7 +854,7 @@ class Issue < ActiveRecord::Base
# Users the issue can be assigned to
def assignable_users
- users = project.assignable_users.to_a
+ users = project.assignable_users(tracker).to_a
users << author if author && author.active?
users << assigned_to if assigned_to
users.uniq.sort
diff --git a/app/models/project.rb b/app/models/project.rb
index b6bc13dde..c48c54855 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -512,16 +512,27 @@ class Project < ActiveRecord::Base
end
# Return a Principal scope of users/groups issues can be assigned to
- def assignable_users
+ def assignable_users(tracker=nil)
+ return @assignable_users[tracker] if @assignable_users && @assignable_users[tracker]
+
types = ['User']
types << 'Group' if Setting.issue_group_assignment?
- @assignable_users ||= Principal.
+ scope = Principal.
active.
joins(:members => :roles).
where(:type => types, :members => {:project_id => id}, :roles => {:assignable => true}).
uniq.
sorted
+
+ if tracker
+ # Rejects users that cannot the view the tracker
+ roles = Role.where(:assignable => true).select {|role| role.permissions_tracker?(:view_issues, tracker)}
+ scope = scope.where(:roles => {:id => roles.map(&:id)})
+ end
+
+ @assignable_users ||= {}
+ @assignable_users[tracker] = scope
end
# Returns the mail addresses of users that should be always notified on project events
diff --git a/app/models/role.rb b/app/models/role.rb
index 89538aa4d..86fe73070 100644
--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -222,6 +222,13 @@ class Role < ActiveRecord::Base
permissions_all_trackers[permission.to_s].to_s != '0'
end
+ # Returns true if permission is given for the tracker
+ # (explicitly or for all trackers)
+ def permissions_tracker?(permission, tracker)
+ permissions_all_trackers?(permission) ||
+ permissions_tracker_ids?(permission, tracker.try(:id))
+ end
+
# Sets the trackers that are allowed for a permission.
# tracker_ids can be an array of tracker ids or :all for
# no restrictions.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-28 08:24:10 +0000