fix_403_cm_new_watchers.patch

Andrey Lobanov (RedSoft), 2018-10-31 10:47

Download (2.21 KB)

View differences:

app/controllers/watchers_controller.rb (date 1540979006467)
93 93
      end
94 94
    elsif params[:project_id]
95 95
      @project = Project.visible.find_by_param(params[:project_id])
96
    elsif params[:project_ids]
97
      @projects = Project.visible.where(:identifier => params[:project_ids]).to_a
96 98
    end
97 99
  end
98 100

  
......
120 122
    scope = nil
121 123
    if params[:q].blank? && @project.present?
122 124
      scope = @project.users
125
    elsif @projects.present?
126
      user_ids = @projects.map { |p| p.users.map(&:id) }.flatten.uniq
127
      scope = User.where(:id => user_ids)
123 128
    else
124 129
      scope = User.all.limit(100)
125 130
    end
app/views/watchers/_new.html.erb (date 1540979062942)
12 12
    <% end  %>
13 13
  <% end %>
14 14
  <%= hidden_field_tag 'project_id', @project.id if @project %>
15
  <%= hidden_field_tag 'project_ids', @projects if @projects %>
15 16

  
16 17
  <p><%= label_tag 'user_search', l(:label_user_search) %><%= text_field_tag 'user_search', nil %></p>
17 18
  <%= javascript_tag "observeSearchfield('user_search', 'users_for_watcher', '#{ escape_javascript url_for(:controller => 'watchers',
18 19
                 :action => 'autocomplete_for_user',
19 20
                 :object_type => (watchables.present? ? watchables.first.class.name.underscore : nil),
20 21
                 :object_id => (watchables.present? && watchables.size == 1 ? watchables.first.id : nil),
21
                 :project_id => @project) }')" %>
22
                 :project_id => @project,
23
                 :project_ids => @projects) }')" %>
22 24

  
23 25
  <div id="users_for_watcher">
24 26
    <%= principals_check_box_tags('watcher[user_ids][]', users) %>