From 382ca5055a3a28726b5b66cb79856fbeaaaf73e9 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Fri, 2 May 2014 07:32:41 +0000
Subject: [PATCH] Field set as read-only still available in the issues list
 context menu (#16755).

git-svn-id: http://svn.redmine.org/redmine/trunk@13124 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/context_menus_controller.rb      |  2 +-
 app/models/issue.rb                              |  5 +++++
 test/functional/context_menus_controller_test.rb | 12 ++++++++++++
 test/unit/issue_test.rb                          | 10 ++++++++++
 4 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/app/controllers/context_menus_controller.rb b/app/controllers/context_menus_controller.rb
index a17304880..2b174c016 100644
--- a/app/controllers/context_menus_controller.rb
+++ b/app/controllers/context_menus_controller.rb
@@ -55,7 +55,7 @@ class ContextMenusController < ApplicationController
 
     @options_by_custom_field = {}
     if @can[:edit]
-      custom_fields = @issues.map(&:available_custom_fields).reduce(:&).reject(&:multiple?)
+      custom_fields = @issues.map(&:editable_custom_fields).reduce(:&).reject(&:multiple?)
       custom_fields.each do |field|
         values = field.possible_values_options(@projects)
         if values.present?
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 96c2b2197..3a3373ffd 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -483,6 +483,11 @@ class Issue < ActiveRecord::Base
     end
   end
 
+  # Returns the custom fields that can be edited by the given user
+  def editable_custom_fields(user=nil)
+    editable_custom_field_values(user).map(&:custom_field).uniq
+  end
+
   # Returns the names of attributes that are read-only for user or the current user
   # For users with multiple roles, the read-only fields are the intersection of
   # read-only fields of each role
diff --git a/test/functional/context_menus_controller_test.rb b/test/functional/context_menus_controller_test.rb
index 0dfea6eeb..b83c2d696 100644
--- a/test/functional/context_menus_controller_test.rb
+++ b/test/functional/context_menus_controller_test.rb
@@ -198,6 +198,18 @@ class ContextMenusControllerTest < ActionController::TestCase
     end
   end
 
+  def test_context_menu_should_show_enabled_custom_fields_for_the_role_only
+    enabled_cf = IssueCustomField.generate!(:field_format => 'bool', :is_for_all => true, :tracker_ids => [1], :visible => false, :role_ids => [1,2])
+    disabled_cf = IssueCustomField.generate!(:field_format => 'bool', :is_for_all => true, :tracker_ids => [1], :visible => false, :role_ids => [2])
+    issue = Issue.generate!(:project_id => 1, :tracker_id => 1)
+
+    @request.session[:user_id] = 2
+    get :issues, :ids => [issue.id]
+
+    assert_select "li.cf_#{enabled_cf.id}"
+    assert_select "li.cf_#{disabled_cf.id}", 0
+  end
+
   def test_context_menu_by_assignable_user_should_include_assigned_to_me_link
     @request.session[:user_id] = 2
     get :issues, :ids => [1]
diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb
index 35409d845..c4cf77c79 100644
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -706,6 +706,16 @@ class IssueTest < ActiveSupport::TestCase
     assert values.detect {|value| value.custom_field == cf2}
   end
 
+  def test_editable_custom_fields_should_return_custom_field_that_is_enabled_for_the_role_only
+    enabled_cf = IssueCustomField.generate!(:is_for_all => true, :tracker_ids => [1], :visible => false, :role_ids => [1,2])
+    disabled_cf = IssueCustomField.generate!(:is_for_all => true, :tracker_ids => [1], :visible => false, :role_ids => [2])
+    user = User.find(2)
+    issue = Issue.new(:project_id => 1, :tracker_id => 1)
+
+    assert_include enabled_cf, issue.editable_custom_fields(user)
+    assert_not_include disabled_cf, issue.editable_custom_fields(user)
+  end
+
   def test_safe_attributes_should_accept_target_tracker_writable_fields
     WorkflowPermission.delete_all
     WorkflowPermission.create!(:old_status_id => 1, :tracker_id => 1,