allow_watchers_and_contributers_access_to_issues_4.0.2.patch

for redmine 4.0.2 - Jacq Jacq, 2019-02-22 16:08

Download (7.74 KB)

View differences:

app/models/issue.rb 2016-04-06 10:05:57.755051963 +0200
132 132
        when 'own'
133 133
          user_ids = [user.id] + user.groups.pluck(:id).compact
134 134
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
135
        when 'own_watch'
136
          user_ids = [user.id] + user.groups.pluck(:id)
137
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue'))"
138
        when 'own_watch_contributed'
139
          user_ids = [user.id] + user.groups.pluck(:id)
140
          "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue') OR #{table_name}.id IN (SELECT journalized_id FROM journals where journalized_type = 'Issue' AND user_id=#{user.id} GROUP BY journalized_id))"
135 141
        else
136 142
          '1=0'
137 143
        end
......
159 159
          !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
160 160
        when 'own'
161 161
          self.author == user || user.is_or_belongs_to?(assigned_to)
162
        when 'own_watch'
163
          self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user)
164
        when 'own_watch_contributed'
165
          self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user) || self.journals.where('journalized_id = ?', self.id).where('user_id = ?', user).count > 0
162 166
        else
163 167
          false
164 168
        end
app/models/role.rb 2016-04-06 10:05:57.755051963 +0200
38 38
  ISSUES_VISIBILITY_OPTIONS = [
39 39
    ['all', :label_issues_visibility_all],
40 40
    ['default', :label_issues_visibility_public],
41
    ['own', :label_issues_visibility_own]
41
    ['own', :label_issues_visibility_own],
42
    ['own_watch', :label_issues_visibility_own_watch],
43
    ['own_watch_contributed', :label_issues_visibility_own_watch_contributed]
42 44
  ]
43 45

  
44 46
  TIME_ENTRIES_VISIBILITY_OPTIONS = [
config/locales/en.yml 2016-04-06 10:12:27.884900611 +0200
465 465
  setting_new_item_menu_tab: Project menu tab for creating new objects
466 466
  setting_commit_logs_formatting: Apply text formatting to commit messages
467 467
  setting_timelog_required_fields: Required fields for time logs
468
  setting_enable_watcher_issue_visibility: Enable watcher issue visibility
468 469
  setting_close_duplicate_issues: Close duplicate issues automatically
469 470
  setting_time_entry_list_defaults: Timelog list defaults
470 471
  setting_timelog_accept_0_hours: Accept time logs with 0 hours
......
1032 1033
  label_font_proportional: Proportional font
1033 1034
  label_last_notes: Last notes
1034 1035
  label_nothing_to_preview: Nothing to preview
1036
  label_issues_visibility_own_watch: Issues created by, assigned to, or watched by the user
1037
  label_issues_visibility_own_watch_contributed: Issues created by, assigned to, watched by, or contributed to by the user
1035 1038

  
1036 1039
  button_login: Login
1037 1040
  button_submit: Submit
test/unit/issue_test.rb 2016-04-06 10:05:57.756051955 +0200
279 279
    assert_visibility_match user, issues
280 280
  end
281 281

  
282
  def test_visible_scope_for_non_member_with_own_watch_issues_visibility
283
    #Role.non_member.add_permission! :view_issues
284
    Role.non_member.update! :issues_visibility, 'own_watch'
285
    user = User.find(9)
286
    assert user.projects.empty?
287
    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')
288
    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')
289
    watching_issue.add_watcher(user)
290

  
291
    #assert_equal true, own_issue.visible?(user)
292
    #assert_equal true, watching_issue.visible?(user)
293
    assert_visibility_match user, [own_issue, watching_issue]
294
  end
295

  
296
  def test_visible_scope_for_non_member_with_own_watch_contributed_issues_visibility
297
    #Role.non_member.add_permission! :view_issues
298
    Role.non_member.update! :issues_visibility, 'own_watch_contributed'
299
    user = User.find(9)
300
    assert user.projects.empty?
301
    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')
302
    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')
303
    watching_issue.add_watcher(user)
304
    watching_issue.reload
305
    contributed_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue contributed by non member')
306
    journal = contributed_issue.init_journal(user)
307
    journal.notes = 'journal notes'
308
    journal.save!
309

  
310
    #assert_equal true, own_issue.visible?(user)
311
    #assert_equal true, watching_issue.visible?(user)
312
    #assert_equal true, contributed_issue.visible?(user)
313
    assert_visibility_match user, [own_issue, watching_issue, contributed_issue]
314
  end
315

  
282 316
  def test_visible_scope_for_non_member_without_view_issues_permissions
283 317
    # Non member user should not see issues without permission
284 318
    Role.non_member.remove_permission!(:view_issues)
......
357 390
        :assigned_to => group,
358 391
        :is_private => true)
359 392

  
360
      Role.find(2).update! :issues_visibility => 'default'
361
      issues = Issue.visible(User.find(8)).to_a
362
      assert issues.any?
363
      assert issues.include?(issue)
364

  
365
      Role.find(2).update! :issues_visibility => 'own'
366
      issues = Issue.visible(User.find(8)).to_a
367
      assert issues.any?
368
      assert_include issue, issues
369
    end
370
  end
393
      ['default', 'own', 'own_watch', 'own_watch_contributed'].each do |issue_visibility|
394
        Role.find(2).update! :issues_visibility => issue_visibility
395
        issues = Issue.visible(User.find(8)).to_a
396
        assert issues.any?
397
        assert issues.include?(issue)
398
      end
399
    end
400
  end
401

  
402
  def test_visible_scope_for_non_member_and_watcher_should_return_watching_issues
403
    user = User.find(9)
404
    assert user.projects.empty?
405
    Role.non_member.add_permission!(:view_issues)
406

  
407
    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)
408
    issue.add_watcher(user)
409

  
410
    ['own_watch', 'own_watch_contributed'].each do |issue_visibility|
411
      Role.non_member.update! :issues_visibility => issue_visibility
412
      issues = Issue.visible(user).to_a
413
      assert issues.any?
414
      assert issues.include?(issue)
415
    end
416
  end
417

  
418
  def test_visible_scope_for_non_member_and_contributer_should_return_contributing_issues
419
    user = User.find(9)
420
    assert user.projects.empty?
421
    Role.non_member.add_permission!(:view_issues)
422

  
423
    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)
424
    journal = issue.init_journal(user)
425
    journal.notes = 'journal notes'
426
    journal.save!
427

  
428
    Role.non_member.update! :issues_visibility, 'own_watch_contributed'
429
    issues = Issue.visible(user).to_a
430
  end
371 431

  
372 432
  def test_visible_scope_for_member_with_limited_tracker_ids
373 433
    role = Role.find(1)