fix-22368.patch

Takenori TAKAKI, 2017-12-04 14:52

Download (3.1 KB)

View differences:

app/controllers/issues_controller.rb
325 325
        issue = orig_issue
326 326
      end
327 327
      journal = issue.init_journal(User.current, params[:notes])
328
      journal.private_notes = params[:private_notes] if params[:private_notes]
329
      (render_403; return false) if journal.private_notes && User.current.allowed_to?(:set_notes_private, issue.project) == false
328 330
      issue.safe_attributes = attributes
329 331
      call_hook(:controller_issues_bulk_edit_before_save, { :params => params, :issue => issue })
330 332
      if issue.save
app/views/issues/bulk_edit.html.erb
193 193
<fieldset>
194 194
<legend><%= l(:field_notes) %></legend>
195 195
<%= text_area_tag 'notes', @notes, :cols => 60, :rows => 10, :class => 'wiki-edit' %>
196
<%= hidden_field_tag :private_notes, false %>
197
<%= check_box_tag :private_notes, true, false, :no_label => true %> <label for="private_notes" class="inline"><%= l(:field_private_notes) %></label>
196 198
<%= wikitoolbar_for 'notes' %>
197 199
</fieldset>
198 200
</div>
test/functional/issues_controller_test.rb
5578 5578
    assert_redirected_to :controller => 'issues', :action => 'index', :project_id => 'ecookbook'
5579 5579
    assert_equal 'Moving two issues', Issue.find(1).journals.sort_by(&:id).last.notes
5580 5580
    assert_equal 'Moving two issues', Issue.find(2).journals.sort_by(&:id).last.notes
5581
    assert_equal false, Issue.find(1).journals.sort_by(&:id).last.private_notes
5582
    assert_equal false, Issue.find(2).journals.sort_by(&:id).last.private_notes
5583
  end
5584

  
5585
  def test_bulk_update_with_private_notes
5586
    @request.session[:user_id] = 2
5587
    post :bulk_update, :params => {
5588
        :ids => [1, 2],
5589
        :notes => 'Moving two issues',
5590
        :private_notes => 'true'
5591
      }
5592

  
5593
    assert_redirected_to :controller => 'issues', :action => 'index', :project_id => 'ecookbook'
5594
    assert_equal 'Moving two issues', Issue.find(1).journals.sort_by(&:id).last.notes
5595
    assert_equal 'Moving two issues', Issue.find(2).journals.sort_by(&:id).last.notes
5596
    assert_equal true, Issue.find(1).journals.sort_by(&:id).last.private_notes
5597
    assert_equal true, Issue.find(2).journals.sort_by(&:id).last.private_notes
5598
  end
5599

  
5600
  def test_bulk_update_with_private_notes_without_set_private_notes_permission
5601
    @request.session[:user_id] = 2
5602
    Role.find(1).remove_permission! :set_notes_private
5603

  
5604
    post :bulk_update, :params => {
5605
        :ids => [1, 2],
5606
        :notes => 'Moving two issues',
5607
        :private_notes => 'true'
5608
      }
5609

  
5610
    assert_response 403
5581 5611
  end
5582 5612

  
5583 5613
  def test_bulk_update_parent_id