From 479b519907e6b4ee223eaa1e31e881a5162eda64 Mon Sep 17 00:00:00 2001
From: Gregor Schmidt
Date: Mon, 12 Feb 2018 14:12:34 +0100
Subject: [PATCH] Ignore archived project memberships when calculating issue query visibility
---
 app/models/query.rb | 5 +++--
 test/unit/query_test.rb | 5 +++++
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/app/models/query.rb b/app/models/query.rb
index 6c20cd992..319a0b8a8 100644
--- a/app/models/query.rb
+++ b/app/models/query.rb
@@ -319,9 +319,10 @@ class Query < ActiveRecord::Base
 " INNER JOIN #{table_name_prefix}queries_roles#{table_name_suffix} qr on qr.query_id = q.id" +
 " INNER JOIN #{MemberRole.table_name} mr ON mr.role_id = qr.role_id" +
 " INNER JOIN #{Member.table_name} m ON m.id = mr.member_id AND m.user_id = ?" +
+ " INNER JOIN #{Project.table_name} p ON p.id = m.project_id AND p.status <> ?" +
 " WHERE q.project_id IS NULL OR q.project_id = m.project_id))" +
 " OR #{table_name}.user_id = ?",
- VISIBILITY_PUBLIC, VISIBILITY_ROLES, user.id, user.id)
+ VISIBILITY_PUBLIC, VISIBILITY_ROLES, user.id, Project::STATUS_ARCHIVED, user.id)
 elsif user.logged?
 scope.where("#{table_name}.visibility = ? OR #{table_name}.user_id = ?", VISIBILITY_PUBLIC, user.id)
 else
@@ -340,7 +341,7 @@ class Query < ActiveRecord::Base
 if project
 (user.roles_for_project(project) & roles).any?
 else
- Member.where(:user_id => user.id).joins(:roles).where(:member_roles => {:role_id => roles.map(&:id)}).any?
+ user.memberships.joins(:member_roles).where(:member_roles => {:role_id => roles.map(&:id)}).any?
 end
 else
 user == self.user
diff --git a/test/unit/query_test.rb b/test/unit/query_test.rb
index cdf008a1f..bb5effdef 100644
--- a/test/unit/query_test.rb
+++ b/test/unit/query_test.rb
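Review bot: The visibility condition in the first query.rb hunk now binds five positional `?` values, with `Project::STATUS_ARCHIVED` inserted between two `user.id` arguments, so a later edit that adds or reorders one placeholder would silently bind the wrong value into an access-control filter. Named placeholders keep each value tied to its use, for example `m.user_id = :user_id` and `p.status <> :archived` in the SQL, passed as `:user_id => user.id, :archived => Project::STATUS_ARCHIVED` alongside the two visibility constants. The `where` call starts above the hunk, so the first placeholders are not visible here and would need the same treatment.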
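Review bot: The archived-project exclusion in the second query.rb hunk is implicit, because `user.memberships.joins(:member_roles)` filters out archived projects only if the `memberships` association carries that scope, and its definition is not part of this diff. The SQL branch states the rule explicitly with `p.status <> ?`, so the two paths that decide the same permission now rely on different mechanisms and can drift apart if the association changes. A comment on the new line would record the dependency, for example `# relies on User#memberships excluding archived projects; keep in sync with the p.status filter in the visible scope`. The enclosing method begins and ends outside the hunk.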
@@ -1790,6 +1790,11 @@ class QueryTest < ActiveSupport::TestCase
 assert q.visible?(User.find(1))
 assert IssueQuery.visible(User.find(1)).find_by_id(q.id)
+
+ # Should ignore archived project memberships
+ Project.find(1).archive
+ assert !q.visible?(User.find(3))
+ assert_nil IssueQuery.visible(User.find(3)).find_by_id(q.id)
 end
 def test_query_with_private_visibility_should_be_visible_to_owner
--
2.14.1
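Review bot: The new negative assertions for `User.find(3)` prove the fix only if that user could see the query before `Project.find(1).archive` ran, and the visible context asserts visibility for `User.find(1)` alone. The test method starts outside the hunk, so a positive check for user 3 may already exist earlier. If it does not, adding `assert q.visible?(User.find(3))` immediately before the archive call would stop the test from passing vacuously should the fixtures change. The user's role must also come solely from project 1 for the assertions to hold, which is worth stating in the comment.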