kolan
/
Redmine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixed: cross-project issue list should not show issues of projects for which the issue tracking module was disabled. 

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1907 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2008-09-25 18:51:03 +00:00
parent 21979cf68a
commit 394fc9c109
6 changed files with 88 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/models/project.rb
View File

@ -108,6 +108,12 @@ class Project < ActiveRecord::Base
def self.allowed_to_condition(user, permission, options={}) def self.allowed_to_condition(user, permission, options={})
statements = [] statements = []
base_statement = "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}" base_statement = "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"
if perm = Redmine::AccessControl.permission(permission)
unless perm.project_module.nil?
# If the permission belongs to a project module, make sure the module is enabled
base_statement << " AND EXISTS (SELECT em.id FROM #{EnabledModule.table_name} em WHERE em.name='#{perm.project_module}' AND em.project_id=#{Project.table_name}.id)"
end
end
if options[:project] if options[:project]
project_statement = "#{Project.table_name}.id = #{options[:project].id}" project_statement = "#{Project.table_name}.id = #{options[:project].id}"
project_statement << " OR #{Project.table_name}.parent_id = #{options[:project].id}" if options[:with_subprojects] project_statement << " OR #{Project.table_name}.parent_id = #{options[:project].id}" if options[:with_subprojects]

2
app/models/query.rb
View File

@ -277,7 +277,7 @@ class Query < ActiveRecord::Base
elsif project elsif project
project_clauses << "#{Project.table_name}.id = %d" % project.id project_clauses << "#{Project.table_name}.id = %d" % project.id
end end
project_clauses << Project.visible_by(User.current) project_clauses << Project.allowed_to_condition(User.current, :view_issues)
project_clauses.join(' AND ') project_clauses.join(' AND ')
end end

10
lib/redmine/access_control.rb
View File

@ -30,8 +30,15 @@ module Redmine
@permissions @permissions
end end
# Returns the permission of given name or nil if it wasn't found
# Argument should be a symbol
def permission(name)
permissions.detect {|p| p.name == name}
end
# Returns the actions that are allowed by the permission of given name
def allowed_actions(permission_name) def allowed_actions(permission_name)
perm = @permissions.detect {|p| p.name == permission_name} perm = permission(permission_name)
perm ? perm.actions : [] perm ? perm.actions : []
end end
@ -94,6 +101,7 @@ module Redmine
@actions << "#{controller}/#{actions}" @actions << "#{controller}/#{actions}"
end end
end end
@actions.flatten!
end end
def public? def public?

12
test/fixtures/enabled_modules.yml vendored
View File

@ -43,4 +43,16 @@ enabled_modules_011:
name: issue_tracking name: issue_tracking
project_id: 2 project_id: 2
id: 11 id: 11
enabled_modules_012:
name: time_tracking
project_id: 3
id: 12
enabled_modules_013:
name: issue_tracking
project_id: 3
id: 13
enabled_modules_014:
name: issue_tracking
project_id: 5
id: 14

11
test/functional/issues_controller_test.rb
View File

@ -62,6 +62,17 @@ class IssuesControllerTest < Test::Unit::TestCase
assert_no_tag :tag => 'a', :content => /Issue of a private subproject/ assert_no_tag :tag => 'a', :content => /Issue of a private subproject/
assert_no_tag :tag => 'a', :content => /Issue on project 2/ assert_no_tag :tag => 'a', :content => /Issue on project 2/
end end
def test_index_should_not_list_issues_when_module_disabled
EnabledModule.delete_all("name = 'issue_tracking' AND project_id = 1")
get :index
assert_response :success
assert_template 'index.rhtml'
assert_not_nil assigns(:issues)
assert_nil assigns(:project)
assert_no_tag :tag => 'a', :content => /Can't print recipes/
assert_tag :tag => 'a', :content => /Subproject issue/
end
def test_index_with_project def test_index_with_project
Setting.display_subprojects_issues = 0 Setting.display_subprojects_issues = 0

49
test/unit/lib/redmine/access_control_test.rb Normal file
View File

@ -0,0 +1,49 @@
# Redmine - project management software
# Copyright (C) 2006-2008 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require File.dirname(__FILE__) + '/../../../test_helper'
class Redmine::AccessControlTest < Test::Unit::TestCase
def setup
@access_module = Redmine::AccessControl
end
def test_permissions
perms = @access_module.permissions
assert perms.is_a?(Array)
assert perms.first.is_a?(Redmine::AccessControl::Permission)
end
def test_module_permission
perm = @access_module.permission(:view_issues)
assert perm.is_a?(Redmine::AccessControl::Permission)
assert_equal :view_issues, perm.name
assert_equal :issue_tracking, perm.project_module
assert perm.actions.is_a?(Array)
assert perm.actions.include?('issues/index')
end
def test_no_module_permission
perm = @access_module.permission(:edit_project)
assert perm.is_a?(Redmine::AccessControl::Permission)
assert_equal :edit_project, perm.name
assert_nil perm.project_module
assert perm.actions.is_a?(Array)
assert perm.actions.include?('projects/settings')
end
end