Commit a708a797 authored by jplang's avatar jplang

Let user always see his private notes (#17632).

git-svn-id: https://svn.redmine.org/redmine/trunk@16181 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 7c3cb592
......@@ -32,11 +32,6 @@ class Issue < ActiveRecord::Base
belongs_to :category, :class_name => 'IssueCategory'
has_many :journals, :as => :journalized, :dependent => :destroy, :inverse_of => :journalized
has_many :visible_journals,
lambda {where(["(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(User.current, :view_private_notes)}))", false])},
:class_name => 'Journal',
:as => :journalized
has_many :time_entries, :dependent => :destroy
has_and_belongs_to_many :changesets, lambda {order("#{Changeset.table_name}.committed_on ASC, #{Changeset.table_name}.id ASC")}
......@@ -822,7 +817,12 @@ class Issue < ActiveRecord::Base
reorder(:created_on, :id).to_a
result.each_with_index {|j,i| j.indice = i+1}
result.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, project)
unless user.allowed_to?(:view_private_notes, project)
result.select! do |journal|
!journal.private_notes? || journal.user == user
end
end
Journal.preload_journals_details_custom_fields(result)
result.select! {|journal| journal.notes? || journal.visible_details.any?}
result
......
......@@ -47,9 +47,10 @@ class Journal < ActiveRecord::Base
scope :visible, lambda {|*args|
user = args.shift || User.current
private_notes_condition = Project.allowed_to_condition(user, :view_private_notes, *args)
joins(:issue => :project).
where(Issue.visible_condition(user, *args)).
where("(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(user, :view_private_notes, *args)}))", false)
where("(#{Journal.table_name}.private_notes = ? OR #{Journal.table_name}.user_id = ? OR (#{private_notes_condition}))", false, user.id)
}
safe_attributes 'notes',
......
......@@ -1605,6 +1605,20 @@ class IssuesControllerTest < Redmine::ControllerTest
assert_select "#change-#{journal.id}", 0
end
def test_show_should_display_private_notes_created_by_current_user
User.find(3).roles_for_project(Project.find(1)).each do |role|
role.remove_permission! :view_private_notes
end
visible = Journal.create!(:journalized => Issue.find(2), :notes => 'Private notes', :private_notes => true, :user_id => 3)
not_visible = Journal.create!(:journalized => Issue.find(2), :notes => 'Private notes', :private_notes => true, :user_id => 1)
@request.session[:user_id] = 3
get :show, :id => 2
assert_response :success
assert_select "#change-#{visible.id}", 1
assert_select "#change-#{not_visible.id}", 0
end
def test_show_atom
get :show, :id => 2, :format => 'atom'
assert_response :success
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment