meineerde/redmine
1
0
Fork 0
mirror of https://github.com/meineerde/redmine.git synced 2026-02-27 05:51:48 +00:00
Code Issues Releases Wiki Activity

Consider only roles with either add_issues or edit_issues permissions for any status transitions (#37635).

Browse Source 
Patch by Holger Just.


git-svn-id: https://svn.redmine.org/redmine/trunk@21817 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Go MAEDA 2022-09-17 06:14:27 +00:00
parent 12c7061416
commit d4b7634cc6
2 changed files with 29 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
app/models/issue.rb
View File

@ -677,9 +677,7 @@ class Issue < ActiveRecord::Base
def workflow_rule_by_attribute(user=nil) def workflow_rule_by_attribute(user=nil)
return @workflow_rule_by_attribute if @workflow_rule_by_attribute && user.nil? return @workflow_rule_by_attribute if @workflow_rule_by_attribute && user.nil?
user_real = user || User.current roles = roles_for_workflow(user || User.current)
roles = user_real.admin ? Role.all.to_a : user_real.roles_for_project(project)
roles = roles.select(&:consider_workflow?)
return {} if roles.empty? return {} if roles.empty?
result = {} result = {}
@ -1066,7 +1064,7 @@ class Issue < ActiveRecord::Base
statuses = [] statuses = []
statuses += IssueStatus.new_statuses_allowed( statuses += IssueStatus.new_statuses_allowed(
initial_status, initial_status,
user.admin ? Role.all.to_a : user.roles_for_project(project), roles_for_workflow(user),
tracker, tracker,
author == user, author == user,
assignee_transitions_allowed assignee_transitions_allowed
@ -2053,4 +2051,9 @@ class Issue < ActiveRecord::Base
Project Project
end end
end end
def roles_for_workflow(user)
roles = user.admin ? Role.all.to_a : user.roles_for_project(project)
roles.select(&:consider_workflow?)
end
end end

22
test/unit/issue_test.rb
View File

@ -859,6 +859,28 @@ class IssueTest < ActiveSupport::TestCase
assert_equal expected_statuses, issue.new_statuses_allowed_to(admin) assert_equal expected_statuses, issue.new_statuses_allowed_to(admin)
end end
def test_new_statuses_allowed_to_should_only_return_transitions_of_considered_workflows
issue = Issue.find(9)
WorkflowTransition.delete_all
WorkflowTransition.create!(:role_id => 1, :tracker_id => 1, :old_status_id => 1, :new_status_id => 2)
developer = Role.find(2)
developer.remove_permission! :edit_issues
developer.remove_permission! :add_issues
assert !developer.consider_workflow?
WorkflowTransition.create!(:role_id => 2, :tracker_id => 1, :old_status_id => 1, :new_status_id => 3)
# status 3 is not displayed
expected_statuses = IssueStatus.where(:id => [1, 2])
admin = User.find(1)
assert_equal expected_statuses, issue.new_statuses_allowed_to(admin)
author = User.find(8)
assert_equal expected_statuses, issue.new_statuses_allowed_to(author)
end
def test_new_statuses_allowed_to_should_return_allowed_statuses_when_copying def test_new_statuses_allowed_to_should_return_allowed_statuses_when_copying
Tracker.find(1).generate_transitions! :role_id => 1, :clear => true, 0 => [1, 3] Tracker.find(1).generate_transitions! :role_id => 1, :clear => true, 0 => [1, 3]