diff --git a/app/models/journal.rb b/app/models/journal.rb
index 3e846aeb..7a36b12f 100644
--- a/app/models/journal.rb
+++ b/app/models/journal.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006 Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2011 Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -38,6 +38,11 @@ class Journal < ActiveRecord::Base
 :conditions => "#{Journal.table_name}.journalized_type = 'Issue' AND" +
 " (#{JournalDetail.table_name}.prop_key = 'status_id' OR #{Journal.table_name}.notes <> '')"}

+ named_scope :visible, lambda {|*args| {
+ :include => {:issue => :project},
+ :conditions => Issue.visible_condition(args.first || User.current)
+ }}
+
 def save(*args)
 # Do not save an empty journal
 (details.empty? && notes.blank?) ? false : super
diff --git a/test/unit/journal_test.rb b/test/unit/journal_test.rb
index 67e719df..2a1c2842 100644
--- a/test/unit/journal_test.rb
+++ b/test/unit/journal_test.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007 Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2011 Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -18,7 +18,7 @@
 require File.expand_path('../../test_helper', __FILE__)

 class JournalTest < ActiveSupport::TestCase
- fixtures :issues, :issue_statuses, :journals, :journal_details
+ fixtures :projects, :issues, :issue_statuses, :journals, :journal_details, :users, :members, :member_roles

 def setup
 @journal = Journal.find 1
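Review bot: In app/models/journal.rb, the new `visible` scope filters only on `Issue.visible_condition` and, unlike the activity-provider `:conditions` in the context lines just above it, does not constrain `journalized_type`. If the `issue` association joins on `journalized_id` alone (its definition is outside this hunk), a journal attached to any other journalized type would be authorized against whichever issue happens to share that id. Assuming `visible_condition` returns a SQL string, the condition could read `:conditions => "#{Journal.table_name}.journalized_type = 'Issue' AND (#{Issue.visible_condition(args.first || User.current)})"`. The `args.first || User.current` fallback also means an explicit `nil` user is treated as the current user rather than rejected, which deserves a comment above the scope such as `# Journals whose issue is visible to the given user (defaults to User.current)`. The class body continues outside the hunk.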
@@ -46,5 +46,45 @@ class JournalTest < ActiveSupport::TestCase
 assert journal.save
 assert_equal 1, ActionMailer::Base.deliveries.size
 end
-
+
+ def test_visible_scope_for_anonymous
+ # Anonymous user should see issues of public projects only
+ journals = Journal.visible(User.anonymous).all
+ assert journals.any?
+ assert_nil journals.detect {|journal| !journal.issue.project.is_public?}
+ # Anonymous user should not see issues without permission
+ Role.anonymous.remove_permission!(:view_issues)
+ journals = Journal.visible(User.anonymous).all
+ assert journals.empty?
+ end
+
+ def test_visible_scope_for_user
+ user = User.find(9)
+ assert user.projects.empty?
+ # Non member user should see issues of public projects only
+ journals = Journal.visible(user).all
+ assert journals.any?
+ assert_nil journals.detect {|journal| !journal.issue.project.is_public?}
+ # Non member user should not see issues without permission
+ Role.non_member.remove_permission!(:view_issues)
+ user.reload
+ journals = Journal.visible(user).all
+ assert journals.empty?
+ # User should see issues of projects for which he has view_issues permissions only
+ Member.create!(:principal => user, :project_id => 1, :role_ids => [1])
+ user.reload
+ journals = Journal.visible(user).all
+ assert journals.any?
+ assert_nil journals.detect {|journal| journal.issue.project_id != 1}
+ end
+
+ def test_visible_scope_for_admin
+ user = User.find(1)
+ user.members.each(&:destroy)
+ assert user.projects.empty?
+ journals = Journal.visible(user).all
+ assert journals.any?
+ # Admin should see issues on private projects that he does not belong to
+ assert journals.detect {|journal| !journal.issue.project.is_public?}
+ end
 end
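Review bot: None of the three added tests calls `Journal.visible` without an argument, so the `User.current` fallback in the new scope is never exercised, and that is presumably the form most callers will use. A fourth test could set `User.current = User.find(9)` and check `assert_nil Journal.visible.all.detect {|journal| !journal.issue.project.is_public?}`, resetting `User.current` afterwards. In `test_visible_scope_for_user` the last block only asserts `project_id != 1` for a member whose role grants access; a member whose role lacks `:view_issues` is not covered, and that negative case is the one an authorization filter most needs pinned. The JournalTest class starts outside this hunk.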