kolan/Redmine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixed: User#allowed_to? returning true in any case if array of projects had only one item (#5332)

Browse Source 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4233 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Baptiste Barth 2010-10-06 05:08:31 +00:00
parent e13790c62c
commit e59c927ee5
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/models/user.rb
View File

@ -368,8 +368,10 @@ class User < Principal
elsif project && project.is_a?(Array) elsif project && project.is_a?(Array)
# Authorize if user is authorized on every element of the array # Authorize if user is authorized on every element of the array
project.inject do |memo,p| project.map do |p|
memo && allowed_to?(action,p,options) allowed_to?(action,p,options)
end.inject do |memo,p|
memo && p
end end
elsif options[:global] elsif options[:global]
# Admin users are always authorized # Admin users are always authorized

4
test/unit/user_test.rb
View File

@ -408,6 +408,10 @@ class UserTest < ActiveSupport::TestCase
assert @jsmith.allowed_to?(:edit_issues, @jsmith.projects) #Manager or Developer everywhere assert @jsmith.allowed_to?(:edit_issues, @jsmith.projects) #Manager or Developer everywhere
assert ! @jsmith.allowed_to?(:delete_issue_watchers, @jsmith.projects) #Dev cannot delete_issue_watchers assert ! @jsmith.allowed_to?(:delete_issue_watchers, @jsmith.projects) #Dev cannot delete_issue_watchers
end end
should "behave correctly with arrays of 1 project" do
assert ! User.anonymous.allowed_to?(:delete_issues, [Project.first])
end
end end
context "with options[:global]" do context "with options[:global]" do