Anonymous users should always see public issues only (#11872).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@10437 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
30b3e796ff
commit
5328c4adcb
|
@ -84,25 +84,21 @@ class Issue < ActiveRecord::Base
|
|||
# Returns a SQL conditions string used to find all issues visible by the specified user
|
||||
def self.visible_condition(user, options={})
|
||||
Project.allowed_to_condition(user, :view_issues, options) do |role, user|
|
||||
case role.issues_visibility
|
||||
when 'all'
|
||||
nil
|
||||
when 'default'
|
||||
if user.logged?
|
||||
if user.logged?
|
||||
case role.issues_visibility
|
||||
when 'all'
|
||||
nil
|
||||
when 'default'
|
||||
user_ids = [user.id] + user.groups.map(&:id)
|
||||
"(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
|
||||
else
|
||||
"(#{table_name}.is_private = #{connection.quoted_false})"
|
||||
end
|
||||
when 'own'
|
||||
if user.logged?
|
||||
when 'own'
|
||||
user_ids = [user.id] + user.groups.map(&:id)
|
||||
"(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
|
||||
else
|
||||
'1=0'
|
||||
end
|
||||
else
|
||||
'1=0'
|
||||
"(#{table_name}.is_private = #{connection.quoted_false})"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -110,15 +106,19 @@ class Issue < ActiveRecord::Base
|
|||
# Returns true if usr or current user is allowed to view the issue
|
||||
def visible?(usr=nil)
|
||||
(usr || User.current).allowed_to?(:view_issues, self.project) do |role, user|
|
||||
case role.issues_visibility
|
||||
when 'all'
|
||||
true
|
||||
when 'default'
|
||||
!self.is_private? || (user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to)))
|
||||
when 'own'
|
||||
user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to))
|
||||
if user.logged?
|
||||
case role.issues_visibility
|
||||
when 'all'
|
||||
true
|
||||
when 'default'
|
||||
!self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
|
||||
when 'own'
|
||||
self.author == user || user.is_or_belongs_to?(assigned_to)
|
||||
else
|
||||
false
|
||||
end
|
||||
else
|
||||
false
|
||||
!self.is_private?
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -133,6 +133,11 @@ class Role < ActiveRecord::Base
|
|||
self.builtin != 0
|
||||
end
|
||||
|
||||
# Return true if the role is the anonymous role
|
||||
def anonymous?
|
||||
builtin == 2
|
||||
end
|
||||
|
||||
# Return true if the role is a project member role
|
||||
def member?
|
||||
!self.builtin?
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
<%= error_messages_for 'role' %>
|
||||
|
||||
<% unless @role.anonymous? %>
|
||||
<div class="box tabular">
|
||||
<% unless @role.builtin? %>
|
||||
<p><%= f.text_field :name, :required => true %></p>
|
||||
|
@ -11,6 +12,7 @@
|
|||
<%= select_tag(:copy_workflow_from, content_tag("option") + options_from_collection_for_select(@roles, :id, :name, params[:copy_workflow_from] || @copy_from.try(:id))) %></p>
|
||||
<% end %>
|
||||
</div>
|
||||
<% end %>
|
||||
|
||||
<h3><%= l(:label_permissions) %></h3>
|
||||
<div class="box tabular" id="permissions">
|
||||
|
|
|
@ -110,6 +110,14 @@ class RolesControllerTest < ActionController::TestCase
|
|||
assert_response :success
|
||||
assert_template 'edit'
|
||||
assert_equal Role.find(1), assigns(:role)
|
||||
assert_select 'select[name=?]', 'role[issues_visibility]'
|
||||
end
|
||||
|
||||
def test_edit_anonymous
|
||||
get :edit, :id => Role.anonymous.id
|
||||
assert_response :success
|
||||
assert_template 'edit'
|
||||
assert_select 'select[name=?]', 'role[issues_visibility]', 0
|
||||
end
|
||||
|
||||
def test_edit_invalid_should_respond_with_404
|
||||
|
|
Loading…
Reference in New Issue