allow_watchers_and_contributers_access_to_issues_trunk_r15287.patch

Takenori TAKAKI, 2016-03-29 04:13


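--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -130,6 +130,12 @@
         when 'own'
           user_ids = [user.id] + user.groups.map(&:id).compact
           "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
+        when 'own_watch'
+          user_ids = [user.id] + user.groups.map(&:id)
+          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue'))"
+        when 'own_watch_contributed'
+          user_ids = [user.id] + user.groups.map(&:id)
+          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue') OR #{table_name}.id IN (SELECT journalized_id FROM journals where journalized_type = 'Issue' AND user_id=#{user.id} GROUP BY journalized_id))"
         else
           '1=0'
         end
@@ -150,6 +156,10 @@
           !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
         when 'own'
           self.author == user || user.is_or_belongs_to?(assigned_to)
+        when 'own_watch'
+          self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user)
+        when 'own_watch_contributed'
+          self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user) || self.journals.where('journalized_id = ?', self.id).where('user_id = ?', user).count > 0
         else
           false
         end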
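Review bot: The two new branches in the first hunk (`when 'own_watch'` and `when 'own_watch_contributed'`) build `user_ids` without the `.compact` that the existing `'own'` branch applies, and the list is joined straight into the `assigned_to_id IN (...)` fragment, so a nil id would yield malformed SQL; I would write `user_ids = [user.id] + user.groups.map(&:id).compact` in both. These branches also make read access depend on rows in `watchers` and `journals`, and the tests in this patch show that this extends to private issues, so anyone permitted to add a watcher is in effect granting visibility; a comment above the branches such as `# NOTE: watcher and journal rows grant read access here, including to private issues` would make that explicit. In the second hunk, `self.journals.where('journalized_id = ?', self.id).where('user_id = ?', user).count > 0` binds the `User` object rather than its id and repeats a condition the `journals` association presumably already applies; `journals.where(:user_id => user.id).exists?` looks equivalent and avoids the count. The enclosing methods start and end outside both hunks.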
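--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -36,7 +36,9 @@
   ISSUES_VISIBILITY_OPTIONS = [
     ['all', :label_issues_visibility_all],
     ['default', :label_issues_visibility_public],
-    ['own', :label_issues_visibility_own]
+    ['own', :label_issues_visibility_own],
+    ['own_watch', :label_issues_visibility_own_watch],
+    ['own_watch_contributed', :label_issues_visibility_own_watch_contributed]
   ]
 
   TIME_ENTRIES_VISIBILITY_OPTIONS = [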
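--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -442,6 +442,7 @@
   setting_search_results_per_page: Search results per page
   setting_attachment_extensions_allowed: Allowed extensions
   setting_attachment_extensions_denied: Disallowed extensions
+  setting_enable_watcher_issue_visibility: Enable watcher issue visibility
 
   permission_add_project: Create project
   permission_add_subprojects: Create subprojects
@@ -988,6 +989,8 @@
   label_api: API
   label_field_format_enumeration: Key/value list
   label_default_values_for_new_users: Default values for new users
+  label_issues_visibility_own_watch: Issues created by, assigned to, or watched by the user
+  label_issues_visibility_own_watch_contributed: Issues created by, assigned to, watched by, or contributed to by the user
 
   button_login: Login
   button_submit: Submit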
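--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -277,6 +277,40 @@
     assert_visibility_match user, issues
   end
 
+  def test_visible_scope_for_non_member_with_own_watch_issues_visibility
+    #Role.non_member.add_permission! :view_issues
+    Role.non_member.update_attribute :issues_visibility, 'own_watch'
+    user = User.find(9)
+    assert user.projects.empty?
+    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')
+    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')
+    watching_issue.add_watcher(user)
+
+    #assert_equal true, own_issue.visible?(user)
+    #assert_equal true, watching_issue.visible?(user)
+    assert_visibility_match user, [own_issue, watching_issue]
+  end
+
+  def test_visible_scope_for_non_member_with_own_watch_contributed_issues_visibility
+    #Role.non_member.add_permission! :view_issues
+    Role.non_member.update_attribute :issues_visibility, 'own_watch_contributed'
+    user = User.find(9)
+    assert user.projects.empty?
+    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')
+    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')
+    watching_issue.add_watcher(user)
+    watching_issue.reload
+    contributed_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue contributed by non member')
+    journal = contributed_issue.init_journal(user)
+    journal.notes = 'journal notes'
+    journal.save!
+
+    #assert_equal true, own_issue.visible?(user)
+    #assert_equal true, watching_issue.visible?(user)
+    #assert_equal true, contributed_issue.visible?(user)
+    assert_visibility_match user, [own_issue, watching_issue, contributed_issue]
+  end
+
   def test_visible_scope_for_non_member_without_view_issues_permissions
     # Non member user should not see issues without permission
     Role.non_member.remove_permission!(:view_issues)
@@ -331,13 +365,42 @@
       :assigned_to => user.groups.first,
       :is_private => true)
 
-    Role.find(2).update_attribute :issues_visibility, 'default'
-    issues = Issue.visible(User.find(8)).to_a
-    assert issues.any?
-    assert issues.include?(issue)
+    ['default', 'own', 'own_watch', 'own_watch_contributed'].each do |issue_visibility|
+      Role.find(2).update_attribute :issues_visibility, issue_visibility
+      issues = Issue.visible(User.find(8)).to_a
+      assert issues.any?
+      assert_include issue, issues
+    end
+  end
 
-    Role.find(2).update_attribute :issues_visibility, 'own'
-    issues = Issue.visible(User.find(8)).to_a
+  def test_visible_scope_for_non_member_and_watcher_should_return_watching_issues
+    user = User.find(9)
+    assert user.projects.empty?
+    Role.non_member.add_permission!(:view_issues)
+
+    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)
+    issue.add_watcher(user)
+
+    ['own_watch', 'own_watch_contributed'].each do |issue_visibility|
+      Role.non_member.update_attribute :issues_visibility, issue_visibility
+      issues = Issue.visible(user).to_a
+      assert issues.any?
+      assert_include issue, issues
+    end
+  end
+
+  def test_visible_scope_for_non_member_and_contributer_should_return_contributing_issues
+    user = User.find(9)
+    assert user.projects.empty?
+    Role.non_member.add_permission!(:view_issues)
+
+    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)
+    journal = issue.init_journal(user)
+    journal.notes = 'journal notes'
+    journal.save!
+
+    Role.non_member.update_attribute :issues_visibility, 'own_watch_contributed'
+    issues = Issue.visible(user).to_a
     assert issues.any?
     assert_include issue, issues
   end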
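Review bot: The tests added for `'own_watch'` and `'own_watch_contributed'` only assert that issues become visible; none asserts that a private issue the non-member neither watches nor has journaled stays hidden, which is the case that matters most for an access-control change. In `test_visible_scope_for_non_member_and_watcher_should_return_watching_issues` I would create a second private issue without calling `add_watcher` and add `assert !issues.include?(other_issue)` inside the loop, and do the same in the contributor test. The commented-out lines (`#Role.non_member.add_permission! :view_issues`, `#assert_equal true, own_issue.visible?(user)`) should be restored or deleted; if restored, the `visible?` assertions would exercise the instance-level check directly instead of relying on what `assert_visibility_match` does, which is not visible here. The contributor test also reuses the subject `'Issue visible to watcher'`, which looks like a copy-paste leftover.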