Project

General

Profile

Download (5.32 KB)

Patch #23546 » 23546-watched_or_created_or_assigned_issue_visibility_3.4.1.patch

Marius BĂLTEANU, 2017-07-10 20:04

View differences:

app/models/issue.rb
132 132 
        when 'own'
133 133 
          user_ids = [user.id] + user.groups.map(&:id).compact
134 134 
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
135 
        when 'watched'
136 
          user_ids = [user.id] + user.groups.map(&:id).compact
137 
          watcher_select = Watcher.where(watchable_type: self.base_class.name, user_id: user.id).select(:watchable_id).to_sql
138 
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (#{watcher_select}))"
135 139 
        else
136 140 
          '1=0'
137 141 
        end
......
161 165 
          !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
162 166 
        when 'own'
163 167 
          self.author == user || user.is_or_belongs_to?(assigned_to)
168 
        when 'watched'
169 
          self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user)
164 170 
        else
165 171 
          false
166 172 
        end
app/models/role.rb
38 38 
  ISSUES_VISIBILITY_OPTIONS = [
39 39 
    ['all', :label_issues_visibility_all],
40 40 
    ['default', :label_issues_visibility_public],
41 
    ['own', :label_issues_visibility_own]
41 
    ['own', :label_issues_visibility_own],
42 
    ['watched', :label_issues_visibility_watched]
42 43 
  ]
43 44 

  		




  44
  45
  
    
  TIME_ENTRIES_VISIBILITY_OPTIONS = [

  		












  

    
      app/views/messages/show.html.erb
    
  





  80
  80
  
    
<% if !@topic.locked? && authorize_for('messages', 'reply') %>

  		




  81
  81
  
    
<p><%= toggle_link l(:button_reply), "reply", :focus => 'message_content' %></p>

  		




  82
  82
  
    
<div id="reply" style="display:none;">

  		




  83
  
  
    
<%= form_for @reply, :as => :reply, :url => {:action => 'reply', :id => @topic}, :html => {:multipart => true, :id => 'message-form'} do |f| %>

  		




  
  83
  
    
<%= form_for @reply, :as => :reply, :url => {:action => 'reply', :id => @topic}, :html => {:multipart => true, :id => 'messages-form'} do |f| %>

  		




  84
  84
  
    
  <%= render :partial => 'form', :locals => {:f => f, :replying => true} %>

  		




  85
  85
  
    
  <%= submit_tag l(:button_submit) %>

  		




  86
  86
  
    
  <%= preview_link({:controller => 'messages', :action => 'preview', :board_id => @board}, 'message-form') %>

  		












  

    
      config/locales/de.yml
    
  





  595
  595
  
    
  label_issues_visibility_all: Alle Tickets

  		




  596
  596
  
    
  label_issues_visibility_own: Tickets die folgender Benutzer erstellt hat oder die ihm zugewiesen sind

  		




  597
  597
  
    
  label_issues_visibility_public: Alle öffentlichen Tickets

  		




  
  598
  
    
  label_issues_visibility_watched: "Aufgaben die folgender Benutzer beobachtet, erstellt hat oder die ihm zugewiesen sind"

  		




  598
  599
  
    
  label_item_position: "%{position}/%{count}"

  		




  599
  600
  
    
  label_jump_to_a_project: Zu einem Projekt springen...

  		




  600
  601
  
    
  label_language_based: Sprachabhängig

  		












  

    
      config/locales/en.yml
    
  





  933
  933
  
    
  label_issues_visibility_all: All issues

  		




  934
  934
  
    
  label_issues_visibility_public: All non private issues

  		




  935
  935
  
    
  label_issues_visibility_own: Issues created by or assigned to the user

  		




  
  936
  
    
  label_issues_visibility_watched: Issues watched by, created by or assigned to the user

  		




  936
  937
  
    
  label_git_report_last_commit: Report last commit for files and directories

  		




  937
  938
  
    
  label_parent_revision: Parent

  		




  938
  939
  
    
  label_child_revision: Child

  		












  

    
      test/unit/issue_test.rb
    
  





  255
  255
  
    
    assert !issue.visible?(User.anonymous)

  		




  256
  256
  
    
  end

  		




  257
  257
  
    

  		




  
  258
  
    
  def test_anonymous_should_not_see_private_issues_with_issues_visibility_set_to_watched

  		




  
  259
  
    
    assert Role.anonymous.update_attribute(:issues_visibility, 'watched')

  		




  
  260
  
    
    issue = Issue.generate!(:author => User.anonymous, :is_private => true)

  		




  
  261
  
    
    assert_nil Issue.where(:id => issue.id).visible(User.anonymous).first

  		




  
  262
  
    
    assert !issue.visible?(User.anonymous)

  		




  
  263
  
    
  end

  		




  
  264
  
    

  		




  258
  265
  
    
  def test_visible_scope_for_non_member

  		




  259
  266
  
    
    user = User.find(9)

  		




  260
  267
  
    
    assert user.projects.empty?

  		




  ......




  277
  284
  
    
    assert_visibility_match user, issues

  		




  278
  285
  
    
  end

  		




  279
  286
  
    

  		




  
  287
  
    
  def test_visible_scope_for_non_member_with_watched_issues_visibility

  		




  
  288
  
    
    Role.non_member.update_attribute :issues_visibility, 'watched'

  		




  
  289
  
    
    issue = Issue.generate!(:project_id => 1, :tracker_id => 1, :author => User.anonymous, :subject => 'Issue by non member')

  		




  
  290
  
    
    user = User.find(9)

  		




  
  291
  
    
    issue.add_watcher(user)

  		




  
  292
  
    

  		




  
  293
  
    
    issues = Issue.visible(user).all

  		




  
  294
  
    
    assert issues.any?

  		




  
  295
  
    
    assert_nil issues.detect {|issue| !issue.watched_by?(user) }

  		




  
  296
  
    
    assert_visibility_match user, issues

  		




  
  297
  
    
  end

  		




  
  298
  
    

  		




  280
  299
  
    
  def test_visible_scope_for_non_member_without_view_issues_permissions

  		




  281
  300
  
    
    # Non member user should not see issues without permission

  		




  282
  301
  
    
    Role.non_member.remove_permission!(:view_issues)

  		















  (2-2/2)