Skip to content

Commit

Permalink
Fixed: User with groups may not see issues assigned to him or to its …
Browse files Browse the repository at this point in the history 
…groups (#9478).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7771 e93f8b46-1217-0410-a6f0-8f06a7374b81
  • Loading branch information
@jplang
jplang committed Nov 11, 2011
1 parent a920184 commit 857cf5d
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 2 deletions.
4 changes: 2 additions & 2 deletions app/models/issue.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,10 +95,10 @@ def self.visible_condition(user, options={})
nil
when 'default'
user_ids = [user.id] + user.groups.map(&:id)
"(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids}))"
"(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
when 'own'
user_ids = [user.id] + user.groups.map(&:id)
"(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids}))"
"(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
else
'1=0'
end
Expand Down
23 changes: 23 additions & 0 deletions test/unit/issue_test.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,29 @@ def test_visible_scope_for_member
assert_visibility_match user, issues
end

def test_visible_scope_for_member_with_groups_should_return_assigned_issues
user = User.find(8)
assert user.groups.any?
Member.create!(:principal => user.groups.first, :project_id => 1, :role_ids => [2])
Role.non_member.remove_permission!(:view_issues)

issue = Issue.create(:project_id => 1, :tracker_id => 1, :author_id => 3,
:status_id => 1, :priority => IssuePriority.all.first,
:subject => 'Assignment test',
:assigned_to => user.groups.first,
:is_private => true)

Role.find(2).update_attribute :issues_visibility, 'default'
issues = Issue.visible(User.find(8)).all
assert issues.any?
assert issues.include?(issue)

Role.find(2).update_attribute :issues_visibility, 'own'
issues = Issue.visible(User.find(8)).all
assert issues.any?
assert issues.include?(issue)
end

def test_visible_scope_for_admin
user = User.find(1)
user.members.each(&:destroy)
Expand Down

0 comments on commit 857cf5d

Please sign in to comment.