From 33ed43191b4a26a1b15fc584d9af139b7c3a3ed1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marius=20B=C4=82LTEANU?= <marius.balteanu@zitec.com>
Date: Sun, 28 Apr 2024 11:10:40 +0300
Subject: [PATCH] Filter "Watcher is me" should also include issues watched by
 current user groups regardless @:view_issue_watchers@ permission (#40412).


diff --git a/app/models/issue_query.rb b/app/models/issue_query.rb
index 91678874e..e3fd8d466 100644
--- a/app/models/issue_query.rb
+++ b/app/models/issue_query.rb
@@ -528,7 +528,9 @@ class IssueQuery < Query
 
   def sql_for_watcher_id_field(field, operator, value)
     db_table = Watcher.table_name
-    me, others = value.partition {|id| ['0', User.current.id.to_s].include?(id)}
+    me_ids = [0, User.current.id]
+    me_ids = me_ids.concat(User.current.groups.pluck(:id))
+    me, others = value.partition {|id| me_ids.include?(id.to_i)}
     sql =
       if others.any?
         "SELECT #{Issue.table_name}.id FROM #{Issue.table_name} " +
diff --git a/test/unit/query_test.rb b/test/unit/query_test.rb
index 78205013a..2fe11a96c 100644
--- a/test/unit/query_test.rb
+++ b/test/unit/query_test.rb
@@ -1376,7 +1376,7 @@ class QueryTest < ActiveSupport::TestCase
     assert_equal Project.where(parent_id: bookmarks).ids, result.map(&:id).sort
   end
 
-  def test_filter_watched_issues
+  def test_filter_watched_issues_by_user
     User.current = User.find(1)
     query =
       IssueQuery.new(
@@ -1384,7 +1384,7 @@ class QueryTest < ActiveSupport::TestCase
         :filters => {
           'watcher_id' => {
             :operator => '=',
-            :values => ['me']
+            :values => [User.current.id]
           }
         }
       )
@@ -1394,13 +1394,17 @@ class QueryTest < ActiveSupport::TestCase
     assert_equal Issue.visible.watched_by(User.current).sort_by(&:id), result.sort_by(&:id)
   end
 
-  def test_filter_watched_issues_with_groups_also
+  def test_filter_watched_issues_by_me_should_include_user_groups
     user = User.find(2)
     group = Group.find(10)
     group.users << user
     Issue.find(3).add_watcher(user)
     Issue.find(7).add_watcher(group)
+    manager = Role.find(1)
+    # view_issue_watchers permission is not required to see watched issues by current user or user groups
+    manager.remove_permission! :view_issue_watchers
     User.current = user
+
     query =
       IssueQuery.new(
         :name => '_',
@@ -1412,6 +1416,7 @@ class QueryTest < ActiveSupport::TestCase
         }
       )
     result = find_issues_with_query(query)
+
     assert_not_nil result
     assert !result.empty?
     assert_equal [3, 7], result.sort_by(&:id).pluck(:id)
-- 
2.39.3 (Apple Git-146)