allow_watchers_and_contributers_access_to_issues_3.3.0.patch

for Redmine 3.3.x - Tobias Fischer, 2017-08-08 16:23

Download (7.41 KB)

View differences:

app/models/issue.rb 2016-04-06 10:05:57.755051963 +0200
130 130
        when 'own'
131 131
          user_ids = [user.id] + user.groups.map(&:id).compact
132 132
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
133
        when 'own_watch'
134
          user_ids = [user.id] + user.groups.map(&:id)
135
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue'))"
136
        when 'own_watch_contributed'
137
          user_ids = [user.id] + user.groups.map(&:id)
138
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue') OR #{table_name}.id IN (SELECT journalized_id FROM journals where journalized_type = 'Issue' AND user_id=#{user.id} GROUP BY journalized_id))"
133 139
        else
134 140
          '1=0'
135 141
        end
......
150 156
          !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
151 157
        when 'own'
152 158
          self.author == user || user.is_or_belongs_to?(assigned_to)
159
        when 'own_watch'
160
          self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user)
161
        when 'own_watch_contributed'
162
          self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user) || self.journals.where('journalized_id = ?', self.id).where('user_id = ?', user).count > 0
153 163
        else
154 164
          false
155 165
        end
app/models/role.rb 2016-04-06 10:05:57.755051963 +0200
36 36
  ISSUES_VISIBILITY_OPTIONS = [
37 37
    ['all', :label_issues_visibility_all],
38 38
    ['default', :label_issues_visibility_public],
39
    ['own', :label_issues_visibility_own]
39
    ['own', :label_issues_visibility_own],
40
    ['own_watch', :label_issues_visibility_own_watch],
41
    ['own_watch_contributed', :label_issues_visibility_own_watch_contributed]
40 42
  ]
41 43
  TIME_ENTRIES_VISIBILITY_OPTIONS = [
config/locales/en.yml 2016-04-06 10:12:27.884900611 +0200
446 446
  setting_attachment_extensions_allowed: Allowed extensions
447 447
  setting_attachment_extensions_denied: Disallowed extensions
448 448
  setting_new_item_menu_tab: Project menu tab for creating new objects
449
  setting_enable_watcher_issue_visibility: Enable watcher issue visibility
449 450
  permission_add_project: Create project
450 451
  permission_add_subprojects: Create subprojects
......
998 998
  label_relations: Relations
999 999
  label_new_project_issue_tab_enabled: Display the "New issue" tab
1000 1000
  label_new_object_tab_enabled: Display the "+" drop-down
1001
  label_issues_visibility_own_watch: Issues created by, assigned to, or watched by the user
1002
  label_issues_visibility_own_watch_contributed: Issues created by, assigned to, watched by, or contributed to by the user
1001 1003
  button_login: Login
1002 1004
  button_submit: Submit
test/unit/issue_test.rb 2016-04-06 10:05:57.756051955 +0200
277 277
    assert_visibility_match user, issues
278 278
  end
279
  def test_visible_scope_for_non_member_with_own_watch_issues_visibility
280
    #Role.non_member.add_permission! :view_issues
281
    Role.non_member.update_attribute :issues_visibility, 'own_watch'
282
    user = User.find(9)
283
    assert user.projects.empty?
284
    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')
285
    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')
286
    watching_issue.add_watcher(user)
287

  
288
    #assert_equal true, own_issue.visible?(user)
289
    #assert_equal true, watching_issue.visible?(user)
290
    assert_visibility_match user, [own_issue, watching_issue]
291
  end
292

  
293
  def test_visible_scope_for_non_member_with_own_watch_contributed_issues_visibility
294
    #Role.non_member.add_permission! :view_issues
295
    Role.non_member.update_attribute :issues_visibility, 'own_watch_contributed'
296
    user = User.find(9)
297
    assert user.projects.empty?
298
    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')
299
    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')
300
    watching_issue.add_watcher(user)
301
    watching_issue.reload
302
    contributed_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue contributed by non member')
303
    journal = contributed_issue.init_journal(user)
304
    journal.notes = 'journal notes'
305
    journal.save!
306

  
307
    #assert_equal true, own_issue.visible?(user)
308
    #assert_equal true, watching_issue.visible?(user)
309
    #assert_equal true, contributed_issue.visible?(user)
310
    assert_visibility_match user, [own_issue, watching_issue, contributed_issue]
311
  end
312

  
279 313
  def test_visible_scope_for_non_member_without_view_issues_permissions
280 314
    # Non member user should not see issues without permission
281 315
    Role.non_member.remove_permission!(:view_issues)
......
331 365
      :assigned_to => user.groups.first,
332 366
      :is_private => true)
333
    Role.find(2).update_attribute :issues_visibility, 'default'
334
    issues = Issue.visible(User.find(8)).to_a
335
    assert issues.any?
336
    assert issues.include?(issue)
367
    ['default', 'own', 'own_watch', 'own_watch_contributed'].each do |issue_visibility|
368
      Role.find(2).update_attribute :issues_visibility, issue_visibility
369
      issues = Issue.visible(User.find(8)).to_a
370
      assert issues.any?
371
      assert_include issue, issues
372
    end
373
  end
337
    Role.find(2).update_attribute :issues_visibility, 'own'
338
    issues = Issue.visible(User.find(8)).to_a
374
  def test_visible_scope_for_non_member_and_watcher_should_return_watching_issues
375
    user = User.find(9)
376
    assert user.projects.empty?
377
    Role.non_member.add_permission!(:view_issues)
378

  
379
    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)
380
    issue.add_watcher(user)
381

  
382
    ['own_watch', 'own_watch_contributed'].each do |issue_visibility|
383
      Role.non_member.update_attribute :issues_visibility, issue_visibility
384
      issues = Issue.visible(user).to_a
385
      assert issues.any?
386
      assert_include issue, issues
387
    end
388
  end
389

  
390
  def test_visible_scope_for_non_member_and_contributer_should_return_contributing_issues
391
    user = User.find(9)
392
    assert user.projects.empty?
393
    Role.non_member.add_permission!(:view_issues)
394

  
395
    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)
396
    journal = issue.init_journal(user)
397
    journal.notes = 'journal notes'
398
    journal.save!
399

  
400
    Role.non_member.update_attribute :issues_visibility, 'own_watch_contributed'
401
    issues = Issue.visible(user).to_a
339 402
    assert issues.any?
340 403
    assert_include issue, issues
341 404
  end