From 1def32c4dda9eb78ac6537d5270d5df83c7e98ba Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sat, 25 Jul 2015 06:44:01 +0000
Subject: Fixed that members without view issues permission are able to list
 issues on public projects if the non member role has the permission (#20206).

git-svn-id: http://svn.redmine.org/redmine/trunk@14450 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 test/unit/issue_test.rb | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'test/unit')

diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb
index bf4d49492..9a8afd66d 100644
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -310,6 +310,15 @@ class IssueTest < ActiveSupport::TestCase
     assert_visibility_match user, issues
   end
 
+  def test_visible_scope_for_member_without_view_issues_permission_and_non_member_role_having_the_permission
+    Role.non_member.add_permission!(:view_issues)
+    Role.find(1).remove_permission!(:view_issues)
+    user = User.find(2)
+
+    assert_equal 0, Issue.where(:project_id => 1).visible(user).count
+    assert_equal false, Issue.where(:project_id => 1).first.visible?(user)
+  end
+
   def test_visible_scope_for_member_with_groups_should_return_assigned_issues
     user = User.find(8)
     assert user.groups.any?
-- 
cgit v1.2.3