Fixed: Calendar and Gantt show private subprojects even if current user is not a member of them (#1217).
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1431 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent
06e44b8e64
commit
7ee38a95a0
|
@ -73,9 +73,9 @@ class Project < ActiveRecord::Base
|
||||||
|
|
||||||
def issues_with_subprojects(include_subprojects=false)
|
def issues_with_subprojects(include_subprojects=false)
|
||||||
conditions = nil
|
conditions = nil
|
||||||
if include_subprojects && !active_children.empty?
|
if include_subprojects
|
||||||
ids = [id] + active_children.collect {|c| c.id}
|
ids = [id] + child_ids
|
||||||
conditions = ["#{Project.table_name}.id IN (#{ids.join(',')})"]
|
conditions = ["#{Project.table_name}.id IN (#{ids.join(',')}) AND #{Project.visible_by}"]
|
||||||
end
|
end
|
||||||
conditions ||= ["#{Project.table_name}.id = ?", id]
|
conditions ||= ["#{Project.table_name}.id = ?", id]
|
||||||
# Quick and dirty fix for Rails 2 compatibility
|
# Quick and dirty fix for Rails 2 compatibility
|
||||||
|
@ -93,6 +93,7 @@ class Project < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.visible_by(user=nil)
|
def self.visible_by(user=nil)
|
||||||
|
user ||= User.current
|
||||||
if user && user.admin?
|
if user && user.admin?
|
||||||
return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"
|
return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"
|
||||||
elsif user && user.memberships.any?
|
elsif user && user.memberships.any?
|
||||||
|
|
|
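Review bot: The visibility filter in `issues_with_subprojects` depends on ambient state. `Project.visible_by` is called with no argument, and with the added `user ||= User.current` it resolves to whoever `User.current` is at call time. That fits the calendar and gantt requests, but a caller running with no user set, or a stale one, would silently get another user's filter; consider passing the user explicitly, e.g. `Project.visible_by(user)`. Since `child_ids` replaces `active_children`, archived children are now excluded only if every branch of `visible_by` carries the status condition, and only the admin branch is visible here, so that is worth confirming. The id list is still interpolated into the SQL string; the ids come from the database, but `["#{Project.table_name}.id IN (?) AND #{Project.visible_by}", ids]` would keep the statement parameterized, if the code after the hunk accepts that form. Both method bodies continue outside the hunks.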
@ -71,4 +71,20 @@ issues_005:
|
||||||
assigned_to_id:
|
assigned_to_id:
|
||||||
author_id: 2
|
author_id: 2
|
||||||
status_id: 1
|
status_id: 1
|
||||||
|
issues_006:
|
||||||
|
created_on: <%= 1.minute.ago.to_date.to_s(:db) %>
|
||||||
|
project_id: 5
|
||||||
|
updated_on: <%= 1.minute.ago.to_date.to_s(:db) %>
|
||||||
|
priority_id: 4
|
||||||
|
subject: Issue of a private subproject
|
||||||
|
id: 6
|
||||||
|
fixed_version_id:
|
||||||
|
category_id:
|
||||||
|
description: This is an issue of a private subproject of cookbook
|
||||||
|
tracker_id: 1
|
||||||
|
assigned_to_id:
|
||||||
|
author_id: 2
|
||||||
|
status_id: 1
|
||||||
|
start_date: <%= Date.today.to_s(:db) %>
|
||||||
|
due_date: <%= 1.days.from_now.to_date.to_s(:db) %>
|
||||||
|
|
|
@ -29,6 +29,7 @@ class ProjectsControllerTest < Test::Unit::TestCase
|
||||||
@controller = ProjectsController.new
|
@controller = ProjectsController.new
|
||||||
@request = ActionController::TestRequest.new
|
@request = ActionController::TestRequest.new
|
||||||
@response = ActionController::TestResponse.new
|
@response = ActionController::TestResponse.new
|
||||||
|
@request.session[:user_id] = nil
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_index
|
def test_index
|
||||||
|
@ -237,11 +238,21 @@ class ProjectsControllerTest < Test::Unit::TestCase
|
||||||
assert_not_nil assigns(:calendar)
|
assert_not_nil assigns(:calendar)
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_calendar_with_subprojects
|
def test_calendar_with_subprojects_should_not_show_private_subprojects
|
||||||
get :calendar, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
|
get :calendar, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
|
||||||
assert_response :success
|
assert_response :success
|
||||||
assert_template 'calendar'
|
assert_template 'calendar'
|
||||||
assert_not_nil assigns(:calendar)
|
assert_not_nil assigns(:calendar)
|
||||||
|
assert_no_tag :tag => 'a', :content => /#6/
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_calendar_with_subprojects_should_show_private_subprojects
|
||||||
|
@request.session[:user_id] = 2
|
||||||
|
get :calendar, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
|
||||||
|
assert_response :success
|
||||||
|
assert_template 'calendar'
|
||||||
|
assert_not_nil assigns(:calendar)
|
||||||
|
assert_tag :tag => 'a', :content => /#6/
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_gantt
|
def test_gantt
|
||||||
|
@ -251,13 +262,23 @@ class ProjectsControllerTest < Test::Unit::TestCase
|
||||||
assert_not_nil assigns(:events)
|
assert_not_nil assigns(:events)
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_gantt_with_subprojects
|
def test_gantt_with_subprojects_should_not_show_private_subprojects
|
||||||
get :gantt, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
|
get :gantt, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
|
||||||
assert_response :success
|
assert_response :success
|
||||||
assert_template 'gantt.rhtml'
|
assert_template 'gantt.rhtml'
|
||||||
assert_not_nil assigns(:events)
|
assert_not_nil assigns(:events)
|
||||||
|
assert_no_tag :tag => 'a', :content => /#6/
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_gantt_with_subprojects_should_show_private_subprojects
|
||||||
|
@request.session[:user_id] = 2
|
||||||
|
get :gantt, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
|
||||||
|
assert_response :success
|
||||||
|
assert_template 'gantt.rhtml'
|
||||||
|
assert_not_nil assigns(:events)
|
||||||
|
assert_tag :tag => 'a', :content => /#6/
|
||||||
|
end
|
||||||
|
|
||||||
def test_gantt_export_to_pdf
|
def test_gantt_export_to_pdf
|
||||||
get :gantt, :id => 1, :format => 'pdf'
|
get :gantt, :id => 1, :format => 'pdf'
|
||||||
assert_response :success
|
assert_response :success
|
||||||
|
|
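Review bot: The new calendar and gantt tests cover only an anonymous session (`@request.session[:user_id] = nil` in setup) and user 2, who the tests expect to see issue #6. The case named in the commit title, a logged-in user who is not a member of the private subproject, goes through the `user.memberships.any?` branch of `Project.visible_by` and is not tested. Adding a `should_not_show` variant for each action with such a user's id in the session would pin that branch; which fixture user qualifies is not visible on this page. The pattern `/#6/` is unanchored and would also match a link to `#60`, so `assert_no_tag` could fail for an unrelated issue once the fixtures grow; a stricter pattern such as `/#6\b/` avoids that.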