redmine_own_v.1.patch

created for redmine-0.9.4 - Oleg Volkov, 2010-05-02 17:09

Download (14.8 KB)

View differences:

redmine/app/controllers/issues_controller.rb 2010-05-02 10:11:27.212598237 +0400
104 104
  end
105 105
  
106 106
  def show
107
    return render_403 if !@issue.visible?
107 108
    @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
108 109
    @journals.each_with_index {|j,i| j.indice = i+1}
109 110
    @journals.reverse! if User.current.wants_comments_in_reverse_order?
redmine/app/models/issue.rb 2010-05-02 10:34:35.590504997 +0400
62 62
  after_save :create_journal
63 63
  
64 64
  # Returns true if usr or current user is allowed to view the issue
65
  def visible?(usr=nil)
66
    (usr || User.current).allowed_to?(:view_issues, self.project)
65
  def visible?(user=User.current)
66
    user.allowed_to?(:view_issues, self.project) || user.allowed_to?(:add_issues, self.project) && (author == user || assigned_to == user || watched_by?(user))
67 67
  end
68 68
  
69 69
  def after_initialize
redmine/app/models/query.rb 2010-05-02 12:51:48.021620769 +0400
346 346
    group_by_column.groupable
347 347
  end
348 348
  
349
  def project_statement
349
  def project_statement(own=nil)
350 350
    project_clauses = []
351 351
    if project && !@project.descendants.active.empty?
352 352
      ids = [project.id]
......
368 368
    elsif project
369 369
      project_clauses << "#{Project.table_name}.id = %d" % project.id
370 370
    end
371
    project_clauses <<  Project.allowed_to_condition(User.current, :view_issues)
371
    if own
372
      wt = Watcher.table_name
373
      uc = User.current.id.to_s
374
      project_clauses << '('+Project.allowed_to_condition(User.current, :view_issues)+' OR '+Project.allowed_to_condition(User.current, :add_issues)+
375
        " AND (#{Issue.table_name}.author_id=#{uc} OR "+
376
              "#{Issue.table_name}.assigned_to_id=#{uc} OR "+
377
              "#{Issue.table_name}.id IN (SELECT #{wt}.watchable_id FROM #{wt} WHERE #{wt}.watchable_type='Issue' AND user_id=#{uc}))"+")"
378
    else
379
      project_clauses << Project.allowed_to_condition(User.current, :view_issues)
380
    end
372 381
    project_clauses.join(' AND ')
373 382
  end
374 383

  
......
409 418
      
410 419
    end if filters and valid?
411 420
    
412
    (filters_clauses << project_statement).join(' AND ')
421
    (filters_clauses << project_statement(true)).join(' AND ')
413 422
  end
414 423
  
415 424
  # Returns the issue count
redmine/app/models/user.rb 2010-05-02 14:42:56.463242646 +0400
289 289
      
290 290
      roles = roles_for_project(project)
291 291
      return false unless roles
292
      roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
292
      roles.any? {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
293 293
      
294 294
    elsif options[:global]
295 295
      # Admin users are always authorized
......
297 297
      
298 298
      # authorize if user has at least one role that has this permission
299 299
      roles = memberships.collect {|m| m.roles}.flatten.uniq
300
      roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
300
      roles.any? {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
301 301
    else
302 302
      false
303 303
    end
redmine/lib/redmine.rb 2010-05-02 18:52:10.194070429 +0400
25 25

  
26 26
# Permissions
27 27
Redmine::AccessControl.map do |map|
28
  map.permission :view_project, {:projects => [:show, :activity]}, :public => true
28
  map.permission :view_project, {:projects => :show}, :public => true
29 29
  map.permission :search_project, {:search => :index}, :public => true
30 30
  map.permission :add_project, {:projects => :add}, :require => :loggedin
31 31
  map.permission :edit_project, {:projects => [:settings, :edit]}, :require => :member
......
38 38
    # Issue categories
39 39
    map.permission :manage_categories, {:projects => [:settings, :add_issue_category], :issue_categories => [:edit, :destroy]}, :require => :member
40 40
    # Issues
41
    map.permission :view_issues, {:projects => :roadmap, 
41
    map.permission :view_issues, {:projects => [:roadmap, :activity],
42 42
                                  :issues => [:index, :changes, :show, :context_menu],
43 43
                                  :versions => [:show, :status_by],
44 44
                                  :queries => :index,
45 45
                                  :reports => :issue_report}
46
    map.permission :add_issues, {:issues => [:new, :update_form]}
46
    map.permission :add_issues, {:issues => [:new, :update_form, :index, :show]}
47 47
    map.permission :edit_issues, {:issues => [:edit, :reply, :bulk_edit, :update_form]}
48 48
    map.permission :manage_issue_relations, {:issue_relations => [:new, :destroy]}
49 49
    map.permission :add_issue_notes, {:issues => [:edit, :reply]}
......
79 79

  
80 80
  map.project_module :documents do |map|
81 81
    map.permission :manage_documents, {:documents => [:new, :edit, :destroy, :add_attachment]}, :require => :loggedin
82
    map.permission :view_documents, :documents => [:index, :show, :download]
82
    map.permission :view_documents, :projects => :activity, :documents => [:index, :show, :download]
83 83
  end
84 84
  
85 85
  map.project_module :files do |map|
86 86
    map.permission :manage_files, {:projects => :add_file}, :require => :loggedin
87
    map.permission :view_files, :projects => :list_files, :versions => :download
87
    map.permission :view_files, :projects => [:list_files, :activity], :versions => :download
88 88
  end
89 89
    
90 90
  map.project_module :wiki do |map|
91 91
    map.permission :manage_wiki, {:wikis => [:edit, :destroy]}, :require => :member
92 92
    map.permission :rename_wiki_pages, {:wiki => :rename}, :require => :member
93 93
    map.permission :delete_wiki_pages, {:wiki => :destroy}, :require => :member
94
    map.permission :view_wiki_pages, :wiki => [:index, :special]
94
    map.permission :view_wiki_pages, :projects => :activity, :wiki => [:index, :special]
95 95
    map.permission :view_wiki_edits, :wiki => [:history, :diff, :annotate]
96 96
    map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment]
97 97
    map.permission :delete_wiki_pages_attachments, {}
......
100 100
    
101 101
  map.project_module :repository do |map|
102 102
    map.permission :manage_repository, {:repositories => [:edit, :committers, :destroy]}, :require => :member
103
    map.permission :browse_repository, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph]
104
    map.permission :view_changesets, :repositories => [:show, :revisions, :revision]
103
    map.permission :browse_repository, :projects => :activity, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph]
104
    map.permission :view_changesets, :projects => :activity, :repositories => [:show, :revisions, :revision]
105 105
    map.permission :commit_access, {}
106 106
  end
107 107

  
108 108
  map.project_module :boards do |map|
109 109
    map.permission :manage_boards, {:boards => [:new, :edit, :destroy]}, :require => :member
110 110
    map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true
111
    map.permission :add_messages, {:messages => [:new, :reply, :quote]}
111
    map.permission :add_messages, {:projects => :activity, :messages => [:new, :reply, :quote]}
112 112
    map.permission :edit_messages, {:messages => :edit}, :require => :member
113 113
    map.permission :edit_own_messages, {:messages => :edit}, :require => :loggedin
114 114
    map.permission :delete_messages, {:messages => :destroy}, :require => :member
redmine/test/fixtures/issues.yml 2010-05-02 18:54:09.924727084 +0400
10 10
  category_id: 1
11 11
  description: Unable to print recipes
12 12
  tracker_id: 1
13
  assigned_to_id: 
13
  assigned_to_id:
14 14
  author_id: 2
15 15
  status_id: 1
16 16
  start_date: <%= 1.day.ago.to_date.to_s(:db) %>
......
86 86
  category_id: 
87 87
  description: This is an issue of a private subproject of cookbook
88 88
  tracker_id: 1
89
  assigned_to_id: 
89
  assigned_to_id: 12
90 90
  author_id: 2
91 91
  status_id: 1
92 92
  start_date: <%= Date.today.to_s(:db) %>
93
  due_date: <%= 1.days.from_now.to_date.to_s(:db) %>
94 93
issues_007: 
95 94
  created_on: <%= 10.days.ago.to_date.to_s(:db) %>
96 95
  project_id: 1
......
203 202
  assigned_to_id: 
204 203
  author_id: 2
205 204
  status_id: 1
205
issues_014:
206
  created_on: <%= 5.days.ago.to_date.to_s(:db) %>
207
  project_id: 5
208
  updated_on: <%= 2.days.ago.to_date.to_s(:db) %>
209
  priority_id: 5
210
  subject: Test own message
211
  id: 14
212
  fixed_version_id: 
213
  category_id: 
214
  description: Test own message
215
  tracker_id: 1
216
  assigned_to_id: 
217
  author_id: 12
218
  status_id: 1
redmine/test/fixtures/member_roles.yml 2010-05-02 11:23:54.235688297 +0400
47 47
  role_id: 2
48 48
  member_id: 10
49 49
  inherited_from: 10
50
member_roles_012: 
51
  id: 12
52
  role_id: 6
53
  member_id: 11
54
  inherited_from: 11
redmine/test/fixtures/members.yml 2010-05-02 14:02:44.426675930 +0400
60 60
  project_id: 2
61 61
  user_id: 8
62 62
  mail_notification: false
63
members_011: 
64
  id: 11
65
  created_on: 2006-07-19 19:35:33 +02:00
66
  project_id: 5
67
  user_id: 12
68
  mail_notification: false
redmine/test/fixtures/roles.yml 2010-05-02 11:30:00.746683471 +0400
181 181
    - :view_changesets
182 182

  
183 183
  position: 5
184
roles_006: 
185
  name: Reporter2
186
  id: 6
187
  builtin: 0
188
  permissions: |
189
    --- 
190
    - :add_issues
191

  
192
  position: 6
184 193

  
redmine/test/fixtures/users.yml 2010-05-02 13:37:29.807310462 +0400
152 152
  id: 11
153 153
  lastname: B Team
154 154
  type: Group
155
users_012: 
156
  id: 12
157
  created_on: 2006-07-19 19:33:19 +02:00
158
  status: 1
159
  last_login_on: 
160
  language: 'ru'
161
  hashed_password: 1
162
  updated_on: 2006-07-19 19:33:19 +02:00
163
  admin: false
164
  mail: vasia@foo.bar
165
  lastname: Vasia
166
  firstname: Pupkin
167
  auth_source_id: 
168
  mail_notification: false
169
  login: vasia
170
  type: User
155 171

  
156 172
  
redmine/test/fixtures/watchers.yml 2010-05-02 14:10:33.450735744 +0400
11 11
  watchable_type: Issue
12 12
  watchable_id: 2
13 13
  user_id: 1
14
watchers_004: 
15
  watchable_type: Issue
16
  watchable_id: 9
17
  user_id: 12
14 18
  
redmine/test/functional/issues_controller_test.rb 2010-05-02 14:11:07.723876157 +0400
411 411
  
412 412
  def test_show_should_deny_member_access_without_permission
413 413
    Role.find(1).remove_permission!(:view_issues)
414
    Role.find(1).remove_permission!(:add_issues)
414 415
    @request.session[:user_id] = 2
415 416
    get :show, :id => 1
416 417
    assert_response 403
......
458 459
    assert_not_nil assigns(:issue)
459 460
  end
460 461

  
462
  def test_show_own_issue_by_author
463
    @request.session[:user_id] = 12
464
    get :show, :id => 14
465
    assert_response :success
466
  end
467

  
468
  def test_show_own_issue_by_assigned
469
    @request.session[:user_id] = 12
470
    get :show, :id => 6
471
    assert_response :success
472
  end
473

  
474
  def test_show_own_issue_by_watcher
475
    @request.session[:user_id] = 12
476
    get :show, :id => 9
477
    assert_response :success
478
  end
479

  
480
  def test_show_should_deny_access_without_permission
481
    @request.session[:user_id] = 12
482
    get :show, :id => 10
483
    assert_response 403
484
  end
485

  
461 486
  def test_get_new
462 487
    @request.session[:user_id] = 2
463 488
    get :new, :project_id => 1, :tracker_id => 1
redmine/test/unit/issue_test.rb 2010-05-02 14:50:06.631821484 +0400
105 105
    assert issues.detect {|issue| !issue.project.is_public?}
106 106
  end
107 107
  
108
  def test_visible
109
    user=User.find(12)
110
    issue = Issue.new(:project_id => 5, :tracker_id => 1, :author_id => 2, :status_id => 1, :priority => IssuePriority.all.first, :subject => 'test_own', :description => 'IssueTest#test_own', :estimated_hours => '5:30')
111
    assert issue.save
112
    issue.reload
113
    # Test for user, with "View_issue"
114
    assert_equal true, issue.visible?(User.find(8))
115
    # Test for user, without "View issue", but with "Add issue"
116
    assert_equal false, issue.visible?(user)
117
    # Test for assinged user
118
    issue.assigned_to=user
119
    assert_equal true, issue.visible?(user)
120
    # Test for watcher
121
    issue.assigned_to=nil
122
    issue.add_watcher(user)
123
    assert_equal true, issue.visible?(user)
124
    # Test for author
125
    issue = Issue.new(:project_id => 5, :tracker_id => 1, :author_id => 12, :status_id => 1, :priority => IssuePriority.all.first, :subject => 'test_own', :description => 'IssueTest#test_own', :estimated_hours => '5:30')
126
    assert issue.save
127
    issue.reload
128
    assert_equal true, issue.visible?(user)
129
  end
130

  
108 131
  def test_errors_full_messages_should_include_custom_fields_errors
109 132
    field = IssueCustomField.find_by_name('Database')
110 133
    
redmine/test/unit/mailer_test.rb 2010-05-02 15:27:00.495894531 +0400
199 199
      user = User.find(9)
200 200
      Watcher.create!(:watchable => @issue, :user => user)
201 201
      Role.non_member.remove_permission!(:view_issues)
202
      Role.non_member.remove_permission!(:add_issues)
202 203
      assert Mailer.deliver_issue_add(@issue)
203 204
      assert !last_email.bcc.include?(user.mail)
204 205
    end