Project

General

Profile

Download (7.41 KB)

Patch #14318 » allow_watchers_and_contributers_access_to_issues_3.3.0.patch

for Redmine 3.3.x - Tobias Fischer, 2017-08-08 16:23

View differences:

app/models/issue.rb 2016-04-06 10:05:57.755051963 +0200
130 130 
        when 'own'
131 131 
          user_ids = [user.id] + user.groups.map(&:id).compact
132 132 
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
133 
        when 'own_watch'
134 
          user_ids = [user.id] + user.groups.map(&:id)
135 
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue'))"
136 
        when 'own_watch_contributed'
137 
          user_ids = [user.id] + user.groups.map(&:id)
138 
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue') OR #{table_name}.id IN (SELECT journalized_id FROM journals where journalized_type = 'Issue' AND user_id=#{user.id} GROUP BY journalized_id))"
133 139 
        else
134 140 
          '1=0'
135 141 
        end
......
150 156 
          !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
151 157 
        when 'own'
152 158 
          self.author == user || user.is_or_belongs_to?(assigned_to)
159 
        when 'own_watch'
160 
          self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user)
161 
        when 'own_watch_contributed'
162 
          self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user) || self.journals.where('journalized_id = ?', self.id).where('user_id = ?', user).count > 0
153 163 
        else
154 164 
          false
155 165 
        end
app/models/role.rb 2016-04-06 10:05:57.755051963 +0200
36 36 
  ISSUES_VISIBILITY_OPTIONS = [
37 37 
    ['all', :label_issues_visibility_all],
38 38 
    ['default', :label_issues_visibility_public],
39 
    ['own', :label_issues_visibility_own]
39 
    ['own', :label_issues_visibility_own],
40 
    ['own_watch', :label_issues_visibility_own_watch],
41 
    ['own_watch_contributed', :label_issues_visibility_own_watch_contributed]
40 42 
  ]
41 43 
  TIME_ENTRIES_VISIBILITY_OPTIONS = [
config/locales/en.yml 2016-04-06 10:12:27.884900611 +0200
446 446 
  setting_attachment_extensions_allowed: Allowed extensions
447 447 
  setting_attachment_extensions_denied: Disallowed extensions
448 448 
  setting_new_item_menu_tab: Project menu tab for creating new objects
449 
  setting_enable_watcher_issue_visibility: Enable watcher issue visibility
449 450 
  permission_add_project: Create project
450 451 
  permission_add_subprojects: Create subprojects
......
998 998 
  label_relations: Relations
999 999 
  label_new_project_issue_tab_enabled: Display the "New issue" tab
1000 1000 
  label_new_object_tab_enabled: Display the "+" drop-down
1001 
  label_issues_visibility_own_watch: Issues created by, assigned to, or watched by the user
1002 
  label_issues_visibility_own_watch_contributed: Issues created by, assigned to, watched by, or contributed to by the user
1001 1003 
  button_login: Login
1002 1004 
  button_submit: Submit
test/unit/issue_test.rb 2016-04-06 10:05:57.756051955 +0200
277 277 
    assert_visibility_match user, issues
278 278 
  end
279 
  def test_visible_scope_for_non_member_with_own_watch_issues_visibility
280 
    #Role.non_member.add_permission! :view_issues
281 
    Role.non_member.update_attribute :issues_visibility, 'own_watch'
282 
    user = User.find(9)
283 
    assert user.projects.empty?
284 
    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')
285 
    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')
286 
    watching_issue.add_watcher(user)
287 

  		




  
  288
  
    
    #assert_equal true, own_issue.visible?(user)

  		




  
  289
  
    
    #assert_equal true, watching_issue.visible?(user)

  		




  
  290
  
    
    assert_visibility_match user, [own_issue, watching_issue]

  		




  
  291
  
    
  end

  		




  
  292
  
    

  		




  
  293
  
    
  def test_visible_scope_for_non_member_with_own_watch_contributed_issues_visibility

  		




  
  294
  
    
    #Role.non_member.add_permission! :view_issues

  		




  
  295
  
    
    Role.non_member.update_attribute :issues_visibility, 'own_watch_contributed'

  		




  
  296
  
    
    user = User.find(9)

  		




  
  297
  
    
    assert user.projects.empty?

  		




  
  298
  
    
    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')

  		




  
  299
  
    
    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')

  		




  
  300
  
    
    watching_issue.add_watcher(user)

  		




  
  301
  
    
    watching_issue.reload

  		




  
  302
  
    
    contributed_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue contributed by non member')

  		




  
  303
  
    
    journal = contributed_issue.init_journal(user)

  		




  
  304
  
    
    journal.notes = 'journal notes'

  		




  
  305
  
    
    journal.save!

  		




  
  306
  
    

  		




  
  307
  
    
    #assert_equal true, own_issue.visible?(user)

  		




  
  308
  
    
    #assert_equal true, watching_issue.visible?(user)

  		




  
  309
  
    
    #assert_equal true, contributed_issue.visible?(user)

  		




  
  310
  
    
    assert_visibility_match user, [own_issue, watching_issue, contributed_issue]

  		




  
  311
  
    
  end

  		




  
  312
  
    

  		




  279
  313
  
    
  def test_visible_scope_for_non_member_without_view_issues_permissions

  		




  280
  314
  
    
    # Non member user should not see issues without permission

  		




  281
  315
  
    
    Role.non_member.remove_permission!(:view_issues)

  		




  ......




  331
  365
  
    
      :assigned_to => user.groups.first,

  		




  332
  366
  
    
      :is_private => true)

  		




  333
  
  
    
    Role.find(2).update_attribute :issues_visibility, 'default'

  		




  334
  
  
    
    issues = Issue.visible(User.find(8)).to_a

  		




  335
  
  
    
    assert issues.any?

  		




  336
  
  
    
    assert issues.include?(issue)

  		




  
  367
  
    
    ['default', 'own', 'own_watch', 'own_watch_contributed'].each do |issue_visibility|

  		




  
  368
  
    
      Role.find(2).update_attribute :issues_visibility, issue_visibility

  		




  
  369
  
    
      issues = Issue.visible(User.find(8)).to_a

  		




  
  370
  
    
      assert issues.any?

  		




  
  371
  
    
      assert_include issue, issues

  		




  
  372
  
    
    end

  		




  
  373
  
    
  end

  		




  337
  
  
    
    Role.find(2).update_attribute :issues_visibility, 'own'

  		




  338
  
  
    
    issues = Issue.visible(User.find(8)).to_a

  		




  
  374
  
    
  def test_visible_scope_for_non_member_and_watcher_should_return_watching_issues

  		




  
  375
  
    
    user = User.find(9)

  		




  
  376
  
    
    assert user.projects.empty?

  		




  
  377
  
    
    Role.non_member.add_permission!(:view_issues)

  		




  
  378
  
    

  		




  
  379
  
    
    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)

  		




  
  380
  
    
    issue.add_watcher(user)

  		




  
  381
  
    

  		




  
  382
  
    
    ['own_watch', 'own_watch_contributed'].each do |issue_visibility|

  		




  
  383
  
    
      Role.non_member.update_attribute :issues_visibility, issue_visibility

  		




  
  384
  
    
      issues = Issue.visible(user).to_a

  		




  
  385
  
    
      assert issues.any?

  		




  
  386
  
    
      assert_include issue, issues

  		




  
  387
  
    
    end

  		




  
  388
  
    
  end

  		




  
  389
  
    

  		




  
  390
  
    
  def test_visible_scope_for_non_member_and_contributer_should_return_contributing_issues

  		




  
  391
  
    
    user = User.find(9)

  		




  
  392
  
    
    assert user.projects.empty?

  		




  
  393
  
    
    Role.non_member.add_permission!(:view_issues)

  		




  
  394
  
    

  		




  
  395
  
    
    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)

  		




  
  396
  
    
    journal = issue.init_journal(user)

  		




  
  397
  
    
    journal.notes = 'journal notes'

  		




  
  398
  
    
    journal.save!

  		




  
  399
  
    

  		




  
  400
  
    
    Role.non_member.update_attribute :issues_visibility, 'own_watch_contributed'

  		




  
  401
  
    
    issues = Issue.visible(user).to_a

  		




  339
  402
  
    
    assert issues.any?

  		




  340
  403
  
    
    assert_include issue, issues

  		




  341
  404
  
    
  end

  		















  (6-6/15)