Fixed that Redmine::Activity::Fetcher should consider activity provider permission option if given (#18832).

git-svn-id: http://svn.redmine.org/redmine/trunk@13895 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-01-01 13:19:39 +00:00 · 2015-01-18 09:07:42 +00:00 · 2015-01-18 09:07:42 +00:00 · 886b9c14d0
commit 886b9c14d0
parent 5190fef9d6
3 changed files with 86 additions and 5 deletions
--- a/lib/redmine/activity.rb
+++ b/lib/redmine/activity.rb
@ -41,6 +41,12 @@ module Redmine
        @@default_event_types << event_type unless options[:default] == false
        @@providers[event_type] += providers
      end
+
+      def delete(event_type)
+        @@available_event_types.delete event_type
+        @@default_event_types.delete event_type
+        @@providers.delete(event_type)
+      end
    end
  end
 end
--- a/lib/redmine/activity/fetcher.rb
+++ b/lib/redmine/activity/fetcher.rb
@ -21,9 +21,6 @@ module Redmine
    class Fetcher
      attr_reader :user, :project, :scope

-      # Needs to be unloaded in development mode
-      @@constantized_providers = Hash.new {|h,k| h[k] = Redmine::Activity.providers[k].collect {|t| t.constantize } }
-
      def initialize(user, options={})
        options.assert_valid_keys(:project, :with_subprojects, :author)
        @user = user
@ -38,7 +35,25 @@ module Redmine
        return @event_types unless @event_types.nil?

        @event_types = Redmine::Activity.available_event_types
-        @event_types = @event_types.select {|o| @project.self_and_descendants.detect {|p| @user.allowed_to?("view_#{o}".to_sym, p)}} if @project
+        if @project
+          projects = @project.self_and_descendants
+          @event_types = @event_types.select do |event_type|
+            keep = false
+            constantized_providers(event_type).each do |provider|
+              options = provider.activity_provider_options[event_type]
+              permission = options[:permission]
+              unless options.key?(:permission)
+                permission ||= "view_#{event_type}".to_sym
+              end
+              if permission
+                keep |= projects.any? {|p| @user.allowed_to?(permission, p)}
+              else
+                keep = true
+              end
+            end
+            keep
+          end
+        end
        @event_types
      end

@ -88,7 +103,7 @@ module Redmine
      private

      def constantized_providers(event_type)
-        @@constantized_providers[event_type]
+        Redmine::Activity.providers[event_type].map(&:constantize)
      end
    end
  end
--- a/test/unit/activity_test.rb
+++ b/test/unit/activity_test.rb
@ -121,6 +121,66 @@ class ActivityTest < ActiveSupport::TestCase
    assert_equal content.page, content.event_group
  end

+  class TestActivityProviderWithPermission
+    def self.activity_provider_options
+      {'test' => {:permission => :custom_permission}}
+    end
+  end
+
+  class TestActivityProviderWithNilPermission
+    def self.activity_provider_options
+      {'test' => {:permission => nil}}
+    end
+  end
+
+  class TestActivityProviderWithoutPermission
+    def self.activity_provider_options
+      {'test' => {}}
+    end
+  end
+
+  class MockUser
+    def initialize(*permissions)
+      @permissions = permissions
+    end
+
+    def allowed_to?(permission, *args)
+      @permissions.include?(permission)
+    end
+  end
+
+  def test_event_types_should_consider_activity_provider_permission
+    Redmine::Activity.register 'test', :class_name => 'ActivityTest::TestActivityProviderWithPermission'
+    user = MockUser.new(:custom_permission)
+    f = Redmine::Activity::Fetcher.new(user, :project => Project.find(1))
+    assert_include 'test', f.event_types
+  ensure
+    Redmine::Activity.delete 'test'
+  end
+
+  def test_event_types_should_include_activity_provider_with_nil_permission
+    Redmine::Activity.register 'test', :class_name => 'ActivityTest::TestActivityProviderWithNilPermission'
+    user = MockUser.new()
+    f = Redmine::Activity::Fetcher.new(user, :project => Project.find(1))
+    assert_include 'test', f.event_types
+  ensure
+    Redmine::Activity.delete 'test'
+  end
+
+  def test_event_types_should_use_default_permission_for_activity_provider_without_permission
+    Redmine::Activity.register 'test', :class_name => 'ActivityTest::TestActivityProviderWithoutPermission'
+
+    user = MockUser.new()
+    f = Redmine::Activity::Fetcher.new(user, :project => Project.find(1))
+    assert_not_include 'test', f.event_types
+
+    user = MockUser.new(:view_test)
+    f = Redmine::Activity::Fetcher.new(user, :project => Project.find(1))
+    assert_include 'test', f.event_types
+  ensure
+    Redmine::Activity.delete 'test'
+  end
+
  private

  def find_events(user, options={})