fix_403_cm_new_watchers_v2.patch

Mizuki ISHIKAWA, 2018-12-21 06:22

Download (3.25 KB)

View differences:

app/controllers/watchers_controller.rb
120 120
    scope = nil
121 121
    if params[:q].blank? && @project.present?
122 122
      scope = @project.users
123
    elsif params[:q].blank? && @projects.present?
124
      user_ids = @projects.map { |p| p.users.map(&:id) }.flatten.uniq
125
      scope = User.where(:id => user_ids)
123 126
    else
124 127
      scope = User.all.limit(100)
125 128
    end
app/views/watchers/_new.html.erb
17 17
  <%= javascript_tag "observeSearchfield('user_search', 'users_for_watcher', '#{ escape_javascript url_for(:controller => 'watchers',
18 18
                 :action => 'autocomplete_for_user',
19 19
                 :object_type => (watchables.present? ? watchables.first.class.name.underscore : nil),
20
                 :object_id => (watchables.present? && watchables.size == 1 ? watchables.first.id : nil),
20
                 :object_id => (watchables.present? ? watchables.pluck(:id) : nil),
21 21
                 :project_id => @project) }')" %>
22 22

  
23 23
  <div id="users_for_watcher">
test/functional/watchers_controller_test.rb
244 244
    assert_select 'input[name=?][value="9"]', 'watcher[user_ids][]'
245 245
  end
246 246

  
247
  def test_autocomplete_for_user_without_keyword_with_multiple_watchables
248
    @request.session[:user_id] = 2
249
    User.find(2).roles.each { |role| role.add_permission! :add_issue_watchers }
250

  
251
    get :autocomplete_for_user, :params => {:object_type => 'issue', :object_id => [1, 4]}, :xhr => true
252

  
253
    # Return the users of the project to which object_id belongs.
254
    # issue 1: eCookbook, issue 4: OnlineStore
255
    assert_response :success
256
    assert_select 'input', :count => 3
257
    assert_select 'input[name=?][value="2"]', 'watcher[user_ids][]'
258
    assert_select 'input[name=?][value="3"]', 'watcher[user_ids][]'
259
    assert_select 'input[name=?][value="8"]', 'watcher[user_ids][]'
260
  end
261

  
262
  def test_autocomplete_for_user_with_keyword_and_multiple_watchables
263
    @request.session[:user_id] = 2
264
    User.find(2).roles.each { |role| role.add_permission! :add_issue_watchers }
265

  
266
    get :autocomplete_for_user, :params => {:object_type => 'issue', :object_id => [1, 4], :q => 'mi'}, :xhr => true
267

  
268
    # Ignore the project and return users matching "mi".
269
    assert_response :success
270
    assert_select 'input', :count => 4
271
    assert_select 'input[name=?][value="1"]', 'watcher[user_ids][]'
272
    assert_select 'input[name=?][value="2"]', 'watcher[user_ids][]'
273
    assert_select 'input[name=?][value="8"]', 'watcher[user_ids][]'
274
    assert_select 'input[name=?][value="9"]', 'watcher[user_ids][]'
275
  end
276

  
247 277
  def test_search_non_member_on_create
248 278
    @request.session[:user_id] = 2
249 279
    project = Project.find_by_name("ecookbook")