Fixes #3482 - read permission is not enough to display subscribed tickets in overviews.
This commit is contained in:
parent
76bb7f920e
commit
32b30ced5e
2 changed files with 32 additions and 3 deletions
|
@ -93,6 +93,7 @@ returns
|
||||||
|
|
||||||
# get only tickets with permissions
|
# get only tickets with permissions
|
||||||
access_condition = Ticket.access_condition(user, 'overview')
|
access_condition = Ticket.access_condition(user, 'overview')
|
||||||
|
access_condition_read = Ticket.access_condition(user, 'read')
|
||||||
|
|
||||||
ticket_attributes = Ticket.new.attributes
|
ticket_attributes = Ticket.new.attributes
|
||||||
list = []
|
list = []
|
||||||
|
@ -127,8 +128,13 @@ returns
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
overview_access_condition = access_condition
|
||||||
|
if overview.condition['ticket.mention_user_ids'].present?
|
||||||
|
overview_access_condition = access_condition_read
|
||||||
|
end
|
||||||
|
|
||||||
ticket_result = Ticket.distinct
|
ticket_result = Ticket.distinct
|
||||||
.where(access_condition)
|
.where(overview_access_condition)
|
||||||
.where(query_condition, *bind_condition)
|
.where(query_condition, *bind_condition)
|
||||||
.joins(tables)
|
.joins(tables)
|
||||||
.order(Arel.sql("#{order_by} #{direction}"))
|
.order(Arel.sql("#{order_by} #{direction}"))
|
||||||
|
@ -142,7 +148,7 @@ returns
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
count = Ticket.distinct.where(access_condition).where(query_condition, *bind_condition).joins(tables).count()
|
count = Ticket.distinct.where(overview_access_condition).where(query_condition, *bind_condition).joins(tables).count()
|
||||||
item = {
|
item = {
|
||||||
overview: {
|
overview: {
|
||||||
name: overview.name,
|
name: overview.name,
|
||||||
|
|
|
@ -75,4 +75,27 @@ RSpec.describe Ticket::Overviews do
|
||||||
expect(result[0][:tickets].count).to be == 2
|
expect(result[0][:tickets].count).to be == 2
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'Mentions:' do
|
||||||
|
let(:group_read) { create(:group) }
|
||||||
|
let(:user_read) { create(:agent) }
|
||||||
|
let(:ticket) { create(:ticket, group: group_read) }
|
||||||
|
|
||||||
|
before do
|
||||||
|
user_read.group_names_access_map = {
|
||||||
|
group_read.name => 'read',
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does show read only tickets in overview because user is mentioned' do
|
||||||
|
create(:mention, mentionable: ticket, user: user_read)
|
||||||
|
result = described_class.index(user_read, ['my_subscribed_tickets'])
|
||||||
|
expect(result.first[:tickets].pluck(:id)).to eq([ticket.id])
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not show read only tickets in overview' do
|
||||||
|
result = described_class.index(user_read, ['my_subscribed_tickets'])
|
||||||
|
expect(result.first[:tickets]).to eq([])
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue