From 7ee0149326daeb783390ecd26a72c326b826e5c0 Mon Sep 17 00:00:00 2001 From: Max Horn Date: Tue, 18 Sep 2012 16:35:42 +0200 Subject: [PATCH 2/2] Fix bug with private issues submitted by or assigned to anon user --- app/models/issue.rb | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/app/models/issue.rb b/app/models/issue.rb index 96c3f85..d1acb7c 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -87,11 +87,19 @@ class Issue < ActiveRecord::Base when 'all' nil when 'default' - user_ids = [user.id] + user.groups.map(&:id) - "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" + if user.logged? + user_ids = [user.id] + user.groups.map(&:id) + "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" + else + "(#{table_name}.is_private = #{connection.quoted_false})" + end when 'own' - user_ids = [user.id] + user.groups.map(&:id) - "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" + if user.logged? + user_ids = [user.id] + user.groups.map(&:id) + "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))" + else + '1=0' + end else '1=0' end @@ -105,9 +113,9 @@ class Issue < ActiveRecord::Base when 'all' true when 'default' - !self.is_private? || self.author == user || user.is_or_belongs_to?(assigned_to) + !self.is_private? || (user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to))) when 'own' - self.author == user || user.is_or_belongs_to?(assigned_to) + user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to)) else false end -- 1.7.12.503.g5976753