Defect #9500

Watchers list before and after creation issue

Added by Boris Ershov over 5 years ago. Updated over 4 years ago.

Status:NewStart date:2011-10-31
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Issues
Target version:-
Resolution: Affected version:1.2.1

Description

Hello!

When I'm creating a new issue - I can add as watchers all users in current project (with all "issues visibility" permissions), but after creation issue I can add watchers only with "All non private issues" in "Issues visibility" (new issue is not private).
Can you tell me how can I fix it? I need to have the same list of the watchers before and after creation issue.

I have Redmine 1.2.1.

Thank you!


Related issues

Related to Redmine - Defect #15123: "Add watcher" leaks all active users Closed
Related to Redmine - Feature #11724: Prevent users from seeing other users based on their proj... Closed

History

#1 Updated by Etienne Massip over 5 years ago

  • Category set to Issues

#2 Updated by Etienne Massip over 5 years ago

  • Affected version (unused) set to 1.2.1
  • Affected version set to 1.2.1

#3 Updated by Mischa The Evil over 5 years ago

I can confirm this issue. I came around this first while doing research for #9330 but failed to report it properly yet :-/

What I can remember of this is that this is due to the fact that the used add-watcher mechanism is different at both states (during issue creation and after issue creation).

During issue creation the addable watcher users are retrieved via source:/trunk/app/views/issues/_form.html.erb@7791#L32 which proposes all members of the project wherein the issue is being created as addable watcher users:

<% @issue.project.users.sort.each do |user| -%>

After issue creation the addable watcher users are retrieved via source:/trunk/app/views/watchers/_watchers.html.erb@7791#L19 which correctly proposes only the users who have actual permission to watch the to-be watched object as addable watcher users:
<p><%= f.select :user_id, (watched.addable_watcher_users.collect {|m| [m.name, m.id]}), :prompt => "--- #{l(:actionview_instancetag_blank_option)} ---" %>

This "way of retrieving" addable watcher users has some extras like:
  • r3170, Users can not watch what they are not allowed to view.
  • r5876, Users that can't view an issue are not proposed as watchers
  • r5880, Fixed: validation error on issue creation when trying to add an invalid user as a watcher

Based on the above I'd suggest to change the way how addable watcher users are retrieved during issue creation. Instead of proposing @issue.project.users I think it would be better if watched.addable_watcher_users is being proposed.

Hope this is of any use...

#4 Updated by Peter Brogren over 5 years ago

I can also confirm the issue, and do agree with the original reporter that this is an issue. My reasoning is that while I agree with what Mischa is saying about not suggesting to add watchers that don't have the permission, if I have the permission to add others as watchers I think I should get the full list of people that belong to the project to choose from. So, there should be two separate cases depending on whether I have permission to add others as watchers or not.

The typical case, which I'd say will happen quite regularly, is that an issue is marked as private and as the bug gets worked on I realize I want to add someone as a watcher that wasn't included from the start.

I agree with point r3170 above with the addition "unless someone with permission to add watchers adds them".

#5 Updated by Terence Mill over 5 years ago

+1

#6 Updated by Stanislav Židek over 4 years ago

I would also be glad if you cannot add a watcher to whom the issue would not be visible also at the time of issue creation.

#7 Updated by Toshi MARUYAMA almost 4 years ago

  • Related to Defect #15123: "Add watcher" leaks all active users added

#8 Updated by Toshi MARUYAMA over 3 years ago

  • Related to Feature #11724: Prevent users from seeing other users based on their project membership added

Also available in: Atom PDF