From 7ee38a95a0052ddc544137f32fcf9114e5ffabb9 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Wed, 14 May 2008 18:01:13 +0000
Subject: [PATCH] Fixed: Calendar and Gantt show private subprojects even if current user is not a member of them (#1217).
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1431 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/project.rb | 7 +++---
 test/fixtures/issues.yml | 18 ++++++++++++++-
 test/functional/projects_controller_test.rb | 25 +++++++++++++++++++--
 3 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/app/models/project.rb b/app/models/project.rb
index 96446964..8c32c856 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -73,9 +73,9 @@ class Project < ActiveRecord::Base
 def issues_with_subprojects(include_subprojects=false)
 conditions = nil
- if include_subprojects && !active_children.empty?
- ids = [id] + active_children.collect {|c| c.id}
- conditions = ["#{Project.table_name}.id IN (#{ids.join(',')})"]
+ if include_subprojects
+ ids = [id] + child_ids
+ conditions = ["#{Project.table_name}.id IN (#{ids.join(',')}) AND #{Project.visible_by}"]
 end
 conditions ||= ["#{Project.table_name}.id = ?", id]
 # Quick and dirty fix for Rails 2 compatibility
@@ -93,6 +93,7 @@ class Project < ActiveRecord::Base
 end
 def self.visible_by(user=nil)
+ user ||= User.current
 if user && user.admin?
 return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"
 elsif user && user.memberships.any?
diff --git a/test/fixtures/issues.yml b/test/fixtures/issues.yml
index 4f42d93c..48195a7b 100644
--- a/test/fixtures/issues.yml
+++ b/test/fixtures/issues.yml
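Review bot: In `issues_with_subprojects` the new condition interpolates `Project.visible_by` after `AND` without parentheses, so the `id IN (...)` restriction only holds if every branch of `visible_by` returns a fragment with no top-level `OR`. Only the admin branch is visible in this patch, so that needs confirming. Wrapping the fragment removes the dependency: `conditions = ["#{Project.table_name}.id IN (#{ids.join(',')}) AND (#{Project.visible_by})"]`. Because `child_ids` replaces `active_children`, excluding non-active subprojects now rests entirely on the status test inside `visible_by`. The `id = ?` fallback carries no visibility condition and presumably relies on the controller's authorization; the method body continues outside the hunk.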
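Review bot: The added `user ||= User.current` in `Project.visible_by` changes what an explicit `nil` argument means: a caller that passed `nil` to get the anonymous, public-only condition now gets the condition for whoever is logged in, which for an admin is every active project. Callers outside this patch that build output for a different audience (feeds, mails) should be checked. The default is worth documenting above the method, e.g. `# user defaults to User.current; pass the intended user explicitly when building output for someone else`. The result now also depends on request-global state, and how `User.current` is initialised outside a request is not visible here. The body of `visible_by` continues outside the hunk.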
@@ -71,4 +71,20 @@ issues_005:
 assigned_to_id:
 author_id: 2
 status_id: 1
-
+issues_006:
+ created_on: <%= 1.minute.ago.to_date.to_s(:db) %>
+ project_id: 5
+ updated_on: <%= 1.minute.ago.to_date.to_s(:db) %>
+ priority_id: 4
+ subject: Issue of a private subproject
+ id: 6
+ fixed_version_id:
+ category_id:
+ description: This is an issue of a private subproject of cookbook
+ tracker_id: 1
+ assigned_to_id:
+ author_id: 2
+ status_id: 1
+ start_date: <%= Date.today.to_s(:db) %>
+ due_date: <%= 1.days.from_now.to_date.to_s(:db) %>
+
\ No newline at end of file
diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb
index 5af7b557..bebe96f2 100644
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@@ -29,6 +29,7 @@ class ProjectsControllerTest < Test::Unit::TestCase
 @controller = ProjectsController.new
 @request = ActionController::TestRequest.new
 @response = ActionController::TestResponse.new
+ @request.session[:user_id] = nil
 end
 def test_index
@@ -237,11 +238,21 @@ class ProjectsControllerTest < Test::Unit::TestCase
 assert_not_nil assigns(:calendar)
 end
- def test_calendar_with_subprojects
+ def test_calendar_with_subprojects_should_not_show_private_subprojects
 get :calendar, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
 assert_response :success
 assert_template 'calendar'
 assert_not_nil assigns(:calendar)
+ assert_no_tag :tag => 'a', :content => /#6/
+ end
+
+ def test_calendar_with_subprojects_should_show_private_subprojects
+ @request.session[:user_id] = 2
+ get :calendar, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
+ assert_response :success
+ assert_template 'calendar'
+ assert_not_nil assigns(:calendar)
+ assert_tag :tag => 'a', :content => /#6/
 end
 def test_gantt
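Review bot: The new calendar tests cover a session with no user and user 2, who is expected to see issue #6, but not the case named in the commit subject: a logged-in user with memberships elsewhere and none in the private subproject. That case presumably takes the `user.memberships.any?` branch of `Project.visible_by`, which the no-user test likely does not reach. A third test that sets `@request.session[:user_id]` to such a fixture user and repeats `assert_no_tag :tag => 'a', :content => /#6/` would pin the access check on the path most likely to regress. The same gap applies to the gantt tests in the next hunk.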
@@ -251,13 +262,23 @@ class ProjectsControllerTest < Test::Unit::TestCase
 assert_not_nil assigns(:events)
 end
- def test_gantt_with_subprojects
+ def test_gantt_with_subprojects_should_not_show_private_subprojects
 get :gantt, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
 assert_response :success
 assert_template 'gantt.rhtml'
 assert_not_nil assigns(:events)
+ assert_no_tag :tag => 'a', :content => /#6/
 end
+ def test_gantt_with_subprojects_should_show_private_subprojects
+ @request.session[:user_id] = 2
+ get :gantt, :id => 1, :with_subprojects => 1, :tracker_ids => [1, 2]
+ assert_response :success
+ assert_template 'gantt.rhtml'
+ assert_not_nil assigns(:events)
+ assert_tag :tag => 'a', :content => /#6/
+ end
+
 def test_gantt_export_to_pdf
 get :gantt, :id => 1, :format => 'pdf'
 assert_response :success
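Review bot: The `/#6/` pattern passed to `assert_tag` and `assert_no_tag` is unanchored, so it also matches link text such as `#60`. Once the fixtures grow, the positive test could pass on a different issue and the negative test could fail for an unrelated one. `:content => /#6\b/`, or a match on the full link text, keeps both assertions tied to the private subproject's issue. The calendar tests in the previous hunk use the same pattern.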