Fixed that watchers receive notifications for private comments without permission (#12286).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@10789 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2012-11-05 15:49:07 +00:00
parent 7f3cc6e38b
commit c8b722456c
4 changed files with 32 additions and 6 deletions

View File

@ -100,6 +100,14 @@ class Journal < ActiveRecord::Base
notified.map(&:mail)
end
def watcher_recipients
notified = journalized.notified_watchers
if private_notes?
notified = notified.select {|user| user.allowed_to?(:view_private_notes, journalized.project)}
end
notified.map(&:mail)
end
private
def split_private_notes

View File

@ -64,7 +64,7 @@ class Mailer < ActionMailer::Base
@author = journal.user
recipients = journal.recipients
# Watchers in cc
cc = issue.watcher_recipients - recipients
cc = journal.watcher_recipients - recipients
s = "[#{issue.project.name} - #{issue.tracker.name} ##{issue.id}] "
s << "(#{issue.status.name}) " if journal.new_value_for('status_id')
s << issue.subject

View File

@ -67,15 +67,18 @@ module Redmine
!!(user && self.watcher_user_ids.detect {|uid| uid == user.id })
end
# Returns an array of watchers' email addresses
def watcher_recipients
def notified_watchers
notified = watcher_users.active
notified.reject! {|user| user.mail_notification == 'none'}
notified.reject! {|user| user.mail.blank? || user.mail_notification == 'none'}
if respond_to?(:visible?)
notified.reject! {|user| !visible?(user)}
end
notified.collect(&:mail).compact
notified
end
# Returns an array of watchers' email addresses
def watcher_recipients
notified_watchers.collect(&:mail)
end
module ClassMethods; end

View File

@ -350,6 +350,21 @@ class MailerTest < ActiveSupport::TestCase
assert_equal %w(jsmith@somenet.foo), ActionMailer::Base.deliveries.last.bcc.sort
end
def test_issue_edit_should_send_private_notes_to_watchers_with_permission_only
Issue.find(1).set_watcher(User.find_by_login('someone'))
journal = Journal.find(1)
journal.private_notes = true
journal.save!
Role.non_member.add_permission! :view_private_notes
Mailer.issue_edit(journal).deliver
assert_include 'someone@foo.bar', ActionMailer::Base.deliveries.last.bcc.sort
Role.non_member.remove_permission! :view_private_notes
Mailer.issue_edit(journal).deliver
assert_not_include 'someone@foo.bar', ActionMailer::Base.deliveries.last.bcc.sort
end
def test_document_added
document = Document.find(1)
valid_languages.each do |lang|