allow_watchers_and_contributers_access_to_issues_4.1.0.patch

Jacq Jacq, 2020-02-17 14:23

Download (7.61 KB)

View differences:

app/models/issue.rb 2016-04-06 10:05:57.755051963 +0200
131 131
          when 'own'
132 132
            user_ids = [user.id] + user.groups.pluck(:id).compact
133 133
            "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
134
          when 'own_watch'
135
            user_ids = [user.id] + user.groups.pluck(:id)
136
            "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue'))"
137
          when 'own_watch_contributed'
138
            user_ids = [user.id] + user.groups.pluck(:id)
139
            "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}) OR #{table_name}.id IN (SELECT watchable_id FROM watchers WHERE user_id=#{user.id} AND watchable_type = 'Issue') OR #{table_name}.id IN (SELECT journalized_id FROM journals where journalized_type = 'Issue' AND user_id=#{user.id} GROUP BY journalized_id))"
134 140
          else
135 141
              '1=0'
136 142
          end
......
161 167
            !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
162 168
          when 'own'
163 169
            self.author == user || user.is_or_belongs_to?(assigned_to)
170
          when 'own_watch'
171
            self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user)
172
          when 'own_watch_contributed'
173
            self.author == user || user.is_or_belongs_to?(assigned_to) || self.watched_by?(user) || self.journals.where('journalized_id = ?', self.id).where('user_id = ?', user).count > 0
164 174
          else
165 175
            false
166 176
          end
app/models/role.rb 2016-04-06 10:05:57.755051963 +0200
40 40
  ISSUES_VISIBILITY_OPTIONS = [
41 41
    ['all', :label_issues_visibility_all],
42 42
    ['default', :label_issues_visibility_public],
43
    ['own', :label_issues_visibility_own]
43
    ['own', :label_issues_visibility_own],
44
    ['own_watch', :label_issues_visibility_own_watch],
45
    ['own_watch_contributed', :label_issues_visibility_own_watch_contributed]
44 46
  ]
45 47

  
46 48
  TIME_ENTRIES_VISIBILITY_OPTIONS = [
config/locales/en.yml 2016-04-06 10:12:27.884900611 +0200
478 478
  setting_new_item_menu_tab: Project menu tab for creating new objects
479 479
  setting_commit_logs_formatting: Apply text formatting to commit messages
480 480
  setting_timelog_required_fields: Required fields for time logs
481
  setting_enable_watcher_issue_visibility: Enable watcher issue visibility
481 482
  setting_close_duplicate_issues: Close duplicate issues automatically
482 483
  setting_time_entry_list_defaults: Timelog list defaults
483 484
  setting_timelog_accept_0_hours: Accept time logs with 0 hours
......
1077 1078
  label_display_type_list: List
1078 1079
  label_display_type_board: Board
1079 1080
  label_my_bookmarks: My bookmarks
1081
  label_issues_visibility_own_watch: Issues created by, assigned to, or watched by the user
1082
  label_issues_visibility_own_watch_contributed: Issues created by, assigned to, watched by, or contributed to by the user
1080 1083

  
1081 1084
  button_login: Login
1082 1085
  button_submit: Submit
test/unit/issue_test.rb 2016-04-06 10:05:57.756051955 +0200
279 279
    assert_visibility_match user, issues
280 280
  end
281 281

  
282
  def test_visible_scope_for_non_member_with_own_watch_issues_visibility
283
    #Role.non_member.add_permission! :view_issues
284
    Role.non_member.update! :issues_visibility, 'own_watch'
285
    user = User.find(9)
286
    assert user.projects.empty?
287
    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')
288
    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')
289
    watching_issue.add_watcher(user)
290

  
291
    #assert_equal true, own_issue.visible?(user)
292
    #assert_equal true, watching_issue.visible?(user)
293
    assert_visibility_match user, [own_issue, watching_issue]
294
  end
295

  
296
  def test_visible_scope_for_non_member_with_own_watch_contributed_issues_visibility
297
    #Role.non_member.add_permission! :view_issues
298
    Role.non_member.update! :issues_visibility, 'own_watch_contributed'
299
    user = User.find(9)
300
    assert user.projects.empty?
301
    own_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => user.id, :subject => 'Issue by non member')
302
    watching_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue watched by non member')
303
    watching_issue.add_watcher(user)
304
    watching_issue.reload
305
    contributed_issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue contributed by non member')
306
    journal = contributed_issue.init_journal(user)
307
    journal.notes = 'journal notes'
308
    journal.save!
309

  
310
    #assert_equal true, own_issue.visible?(user)
311
    #assert_equal true, watching_issue.visible?(user)
312
    #assert_equal true, contributed_issue.visible?(user)
313
    assert_visibility_match user, [own_issue, watching_issue, contributed_issue]
314
  end
315

  
282 316
  def test_visible_scope_for_non_member_without_view_issues_permissions
283 317
    # Non member user should not see issues without permission
284 318
    Role.non_member.remove_permission!(:view_issues)
......
357 390
        :assigned_to => group,
358 391
        :is_private => true)
359 392

  
360
      Role.find(2).update! :issues_visibility => 'default'
361
      issues = Issue.visible(User.find(8)).to_a
362
      assert issues.any?
363
      assert issues.include?(issue)
364

  
365
      Role.find(2).update! :issues_visibility => 'own'
366
      issues = Issue.visible(User.find(8)).to_a
367
      assert issues.any?
368
      assert_include issue, issues
369
    end
370
  end
393
      ['default', 'own', 'own_watch', 'own_watch_contributed'].each do |issue_visibility|
394
        Role.find(2).update! :issues_visibility => issue_visibility
395
        issues = Issue.visible(User.find(8)).to_a
396
        assert issues.any?
397
        assert issues.include?(issue)
398
      end
399
    end
400
  end
401

  
402
  def test_visible_scope_for_non_member_and_watcher_should_return_watching_issues
403
    user = User.find(9)
404
    assert user.projects.empty?
405
    Role.non_member.add_permission!(:view_issues)
406

  
407
    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)
408
    issue.add_watcher(user)
409

  
410
    ['own_watch', 'own_watch_contributed'].each do |issue_visibility|
411
      Role.non_member.update! :issues_visibility => issue_visibility
412
      issues = Issue.visible(user).to_a
413
      assert issues.any?
414
      assert issues.include?(issue)
415
    end
416
  end
417

  
418
  def test_visible_scope_for_non_member_and_contributer_should_return_contributing_issues
419
    user = User.find(9)
420
    assert user.projects.empty?
421
    Role.non_member.add_permission!(:view_issues)
422

  
423
    issue = Issue.create!(:project_id => 1, :tracker_id => 1, :author_id => 1, :subject => 'Issue visible to watcher', :is_private => true)
424
    journal = issue.init_journal(user)
425
    journal.notes = 'journal notes'
426
    journal.save!
427

  
428
    Role.non_member.update! :issues_visibility, 'own_watch_contributed'
429
    issues = Issue.visible(user).to_a
430
  end
371 431

  
372 432
  def test_visible_scope_for_member_with_limited_tracker_ids
373 433
    role = Role.find(1)