Project

General

Profile

Feature #17747 » private_role_redmine_3.2.patch

Wim DePreter, 2016-03-09 14:43

View differences:

app/controllers/reports_controller.rb (working copy)
24 24
    @versions = @project.shared_versions.sort
25 25
    @priorities = IssuePriority.all.reverse
26 26
    @categories = @project.issue_categories
27
    @assignees = (Setting.issue_group_assignment? ? @project.principals : @project.users).sort
28
    @authors = @project.users.sort
27
    ## begin patch private role
28
    #@assignees = (Setting.issue_group_assignment? ? @project.principals : @project.users).sort
29
    @assignees = (Setting.issue_group_assignment? ? @project.principals : @project.users.visible).sort
30
    #@authors = @project.users.sort
31
    @authors = @project.users.visible.sort
32
    ## end patch private role
29 33
    @subprojects = @project.descendants.visible
30 34

  
31 35
    @issues_by_tracker = Issue.by_tracker(@project)
......
40 44
  end
41 45

  
42 46
  def issue_report_details
47
    ## begin patch private role
43 48
    case params[:detail]
49
    when "assigned_to", "author"
50
      unless User.current.admin?
51
        all_users = @project.users.active
52
        visible_users = all_users.visible
53
        if all_users.count != visible_users.count
54
          ## report/assigned_to and report/author contains all users 
55
          render_403
56
          return
57
        end 
58
      end
59
    end
60
    ## end patch private role
61

  
62
    case params[:detail]
44 63
    when "tracker"
45 64
      @field = "tracker_id"
46 65
      @rows = @project.trackers
app/controllers/users_controller.rb (working copy)
62 62
  end
63 63

  
64 64
  def show
65
    unless @user.visible?
66
      render_404
67
      return
68
    end
65
    ## begin patch private role (revert revision 13584 - if user with private role (or non-member?) acts on issue, user should be visible)
66
    #unless @user.visible?
67
    #  render_404
68
    #  return
69
    #end
70
    ## end patch private role
69 71

  
70 72
    # show projects based on current user visibility
71 73
    @memberships = @user.memberships.where(Project.visible_condition(User.current)).to_a
72 74

  
75
    ## begin patch private role (revert revision 13584)
76
    unless @user.visible?
77
      if !@user.active? || (@user != User.current  && @memberships.empty?)
78
        render_403
79
        return
80
      end
81
    end
82
    ## end patch private role
83

  
73 84
    respond_to do |format|
74 85
      format.html {
75 86
        events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
app/models/principal.rb (working copy)
54 54
        active
55 55
      else
56 56
        # self and members of visible projects
57
        active.where("#{table_name}.id = ? OR #{table_name}.id IN (SELECT user_id FROM #{Member.table_name} WHERE project_id IN (?))",
57
        ## begin patch private role
58
        #active.where("#{table_name}.id = ? OR #{table_name}.id IN (SELECT user_id FROM #{Member.table_name} WHERE project_id IN (?))",
59
        active.where("#{table_name}.id = ? OR #{table_name}.id IN (" +
60
          "SELECT m.user_id FROM #{Member.table_name} m" +
61
          " INNER JOIN #{MemberRole.table_name} mr ON m.id = mr.member_id" +
62
          " INNER JOIN #{Role.table_name} r ON mr.role_id = r.id" +
63
          " WHERE m.project_id IN (?) AND r.name NOT LIKE 'private.%')",
64
        ## end patch private role
58 65
          user.id, user.visible_project_ids
59 66
        )
60 67
      end
app/models/project.rb (working copy)
479 479
  # Returns a hash of project users grouped by role
480 480
  def users_by_role
481 481
    members.includes(:user, :roles).inject({}) do |h, m|
482
      m.roles.each do |r|
482
      ## begin patch private role
483
      #m.roles.each do |r|
484
      m.roles.non_private.each do |r|
485
      ## end patch private role
483 486
        h[r] ||= []
484 487
        h[r] << m.user
485 488
      end
......
510 513

  
511 514
    @assignable_users ||= Principal.
512 515
      active.
516
      ## begin patch private role
517
      visible.
518
      ## end patch private role
513 519
      joins(:members => :roles).
514 520
      where(:type => types, :members => {:project_id => id}, :roles => {:assignable => true}).
515 521
      uniq.
app/models/role.rb (working copy)
50 50
  ]
51 51

  
52 52
  scope :sorted, lambda { order(:builtin, :position) }
53
  scope :givable, lambda { order(:position).where(:builtin => 0) }
53
## begin patch private role
54
  #scope :givable, lambda { order(:position).where(:builtin => 0) }
55
  scope :givable, lambda {
56
    if User.current.admin?
57
      order(:position).where(:builtin => 0)
58
    else
59
      order(:position).non_private.where(:builtin => 0)
60
    end
61
  }
62

  
63
  scope :non_private, lambda { order(:position).where("#{table_name}.name NOT LIKE 'private.%'") }
64
## end patch private role
65

  
54 66
  scope :builtin, lambda { |*args|
55 67
    compare = (args.first == true ? 'not' : '')
56 68
    where("#{compare} builtin = 0")
(2-2/5)