Fixes #3482 - read permission is not enough to display subscribed tickets in overviews.

Rolf Schmidt 2021-03-30 09:41:23 +02:00 committed by Thorsten Eckel
parent 76bb7f920e
commit 32b30ced5e
2 changed files with 32 additions and 3 deletions


@ -92,7 +92,8 @@ returns
return [] if overviews.blank? return [] if overviews.blank?
# get only tickets with permissions # get only tickets with permissions
access_condition = Ticket.access_condition(user, 'overview') access_condition = Ticket.access_condition(user, 'overview')
access_condition_read = Ticket.access_condition(user, 'read')
ticket_attributes = Ticket.new.attributes ticket_attributes = Ticket.new.attributes
list = [] list = []
@ -127,8 +128,13 @@ returns
end end
end end
overview_access_condition = access_condition
if overview.condition['ticket.mention_user_ids'].present?
overview_access_condition = access_condition_read
end
ticket_result = Ticket.distinct ticket_result = Ticket.distinct
.where(access_condition) .where(overview_access_condition)
.where(query_condition, *bind_condition) .where(query_condition, *bind_condition)
.joins(tables) .joins(tables)
.order(Arel.sql("#{order_by} #{direction}")) .order(Arel.sql("#{order_by} #{direction}"))
@ -142,7 +148,7 @@ returns
} }
end end
count = Ticket.distinct.where(access_condition).where(query_condition, *bind_condition).joins(tables).count() count = Ticket.distinct.where(overview_access_condition).where(query_condition, *bind_condition).joins(tables).count()
item = { item = {
overview: { overview: {
name: overview.name, name: overview.name,
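Review bot: The new `if overview.condition['ticket.mention_user_ids'].present?` branch swaps the whole query from the 'overview' to the 'read' access condition whenever that key exists, without checking what the condition says. If an overview can carry this key with a negating operator or a value other than the current user (not visible in these hunks, so worth confirming), every ticket the user can merely read would be listed and counted, which widens authorization beyond the subscribed-ticket case named in the title. I would narrow the branch to conditions that restrict to the current user's own mentions, or keep `access_condition` and add a read-scoped clause limited to tickets the user is mentioned on. A comment above the branch such as `# read access is sufficient only for tickets the user is mentioned on` would record the intent. The enclosing method starts and ends outside these hunks.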


@ -75,4 +75,27 @@ RSpec.describe Ticket::Overviews do
expect(result[0][:tickets].count).to be == 2 expect(result[0][:tickets].count).to be == 2
end end
end end
describe 'Mentions:' do
let(:group_read) { create(:group) }
let(:user_read) { create(:agent) }
let(:ticket) { create(:ticket, group: group_read) }
before do
user_read.group_names_access_map = {
group_read.name => 'read',
}
end
it 'does show read only tickets in overview because user is mentioned' do
create(:mention, mentionable: ticket, user: user_read)
result = described_class.index(user_read, ['my_subscribed_tickets'])
expect(result.first[:tickets].pluck(:id)).to eq([ticket.id])
end
it 'does not show read only tickets in overview' do
result = described_class.index(user_read, ['my_subscribed_tickets'])
expect(result.first[:tickets]).to eq([])
end
end
end end
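Review bot: The example 'does not show read only tickets in overview' passes with or without the access change, because no mention exists and `my_subscribed_tickets` is empty for that reason alone. The permission boundary would be pinned better by an example where `user_read` is mentioned on `ticket` and a non-mention overview is requested, expecting the ticket to stay hidden. If the factories allow it, a second example where the mentioned user has no access to `group_read` at all should also expect an empty result. These cases guard against the read-level condition leaking past subscribed tickets.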