|
19 | 19 |
|
20 | 20 | class JournalsControllerTest < ActionController::TestCase |
21 | 21 | fixtures :projects, :users, :members, :member_roles, :roles, :issues, :journals, :journal_details, :enabled_modules, |
22 | | - :trackers, :issue_statuses, :enumerations, :custom_fields, :custom_values, :custom_fields_projects |
| 22 | + :trackers, :issue_statuses, :enumerations, :custom_fields, :custom_values, :custom_fields_projects, :projects_trackers |
23 | 23 |
|
24 | 24 | def setup |
25 | 25 | User.current = nil |
@@ -51,6 +51,46 @@ def test_index_should_return_privates_notes_with_permission_only |
51 | 51 | assert_not_include journal, assigns(:journals) |
52 | 52 | end |
53 | 53 |
|
| 54 | + def test_index_should_show_visible_custom_fields_only |
| 55 | + Issue.destroy_all |
| 56 | + field_attributes = {:field_format => 'string', :is_for_all => true, :is_filter => true, :trackers => Tracker.all} |
| 57 | + @fields = [] |
| 58 | + @fields << (@field1 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 1', :visible => true))) |
| 59 | + @fields << (@field2 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 2', :visible => false, :role_ids => [1, 2]))) |
| 60 | + @fields << (@field3 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 3', :visible => false, :role_ids => [1, 3]))) |
| 61 | + @issue = Issue.generate!( |
| 62 | + :author_id => 1, |
| 63 | + :project_id => 1, |
| 64 | + :tracker_id => 1, |
| 65 | + :custom_field_values => {@field1.id => 'Value0', @field2.id => 'Value1', @field3.id => 'Value2'} |
| 66 | + ) |
| 67 | + @issue.init_journal(User.find(1)) |
| 68 | + @issue.update_attribute :custom_field_values, {@field1.id => 'NewValue0', @field2.id => 'NewValue1', @field3.id => 'NewValue2'} |
| 69 | + |
| 70 | + |
| 71 | + user_with_role_on_other_project = User.generate! |
| 72 | + User.add_to_project(user_with_role_on_other_project, Project.find(2), Role.find(3)) |
| 73 | + users_to_test = { |
| 74 | + User.find(1) => [@field1, @field2, @field3], |
| 75 | + User.find(3) => [@field1, @field2], |
| 76 | + user_with_role_on_other_project => [@field1], # should see field1 only on Project 1 |
| 77 | + User.generate! => [@field1], |
| 78 | + User.anonymous => [@field1] |
| 79 | + } |
| 80 | + |
| 81 | + users_to_test.each do |user, visible_fields| |
| 82 | + get :index, :format => 'atom', :key => user.rss_key |
| 83 | + @fields.each_with_index do |field, i| |
| 84 | + if visible_fields.include?(field) |
| 85 | + assert_select "content[type=html]", { :text => /NewValue#{i}/, :count => 1 }, "User #{user.id} was not able to view #{field.name} in API" |
| 86 | + else |
| 87 | + assert_select "content[type=html]", { :text => /NewValue#{i}/, :count => 0 }, "User #{user.id} was able to view #{field.name} in API" |
| 88 | + end |
| 89 | + end |
| 90 | + end |
| 91 | + |
| 92 | + end |
| 93 | + |
54 | 94 | def test_diff_for_description_change |
55 | 95 | get :diff, :id => 3, :detail_id => 4 |
56 | 96 | assert_response :success |
|
0 commit comments