diff --git a/app/models/journal.rb b/app/models/journal.rb
index 7aed1d226..02cb8bab4 100644
--- a/app/models/journal.rb
+++ b/app/models/journal.rb
@@ -348,22 +348,27 @@ class Journal < ApplicationRecord
 end
 def add_watcher
- if user&.active? &&
- user.allowed_to?(:add_issue_watchers, project) &&
- user.pref.auto_watch_on?('issue_contributed_to') &&
- !Watcher.any_watched?(Array.wrap(journalized), user)
+ if user.is_a?(User) &&
+ user.pref.auto_watch_on?('issue_contributed_to') &&
+ valid_watcher?(user)
 journalized.set_watcher(user, true)
 end
 assignee = journalized.assigned_to
- if assignee.is_a?(User) && assignee&.active? &&
- assignee.allowed_to?(:add_issue_watchers, project) &&
+ if assignee.is_a?(User) &&
 assignee.pref.auto_watch_on?('issue_assigned_to_me') &&
- !Watcher.any_watched?(Array.wrap(journalized), assignee)
+ valid_watcher?(assignee)
 journalized.set_watcher(assignee, true)
 end
 end
+ def valid_watcher?(user)
+ user.active? &&
+ user.allowed_to?(:add_issue_watchers, journalized.project) &&
+ journalized.valid_watcher?(user) &&
+ !journalized.watched_by?(user)
+ end
+
 def send_notification
 if notify? &&
 (
diff --git a/test/unit/journal_test.rb b/test/unit/journal_test.rb
index fd19177b3..ceddf86aa 100644
--- a/test/unit/journal_test.rb
+++ b/test/unit/journal_test.rb
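Review bot: In app/models/journal.rb, the new helper `valid_watcher?(user)` shares its name with the `journalized.valid_watcher?` it calls and names its parameter after the journal's own `user` attribute. Inside the helper `user` is whichever principal was passed in, which may be the assignee. The helper also checks more than its namesake: that the account is active, holds `:add_issue_watchers` and is not already watching. A distinct name such as `def auto_watchable?(candidate)` with a comment like `# Never auto-add a watcher who is not allowed to see the issue.` would make it less likely that the delegated check, presumably the visibility test this commit is about, gets dropped later as a duplicate. Whether the helper sits under `private` is not visible here, and `send_notification` continues outside the hunk.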
@@ -292,4 +292,22 @@ class JournalTest < ActiveSupport::TestCase
 # Role "Developer" does not have the "View private notes" permission
 assert_equal [1, 2], journal.notified_mentions.map(&:id).sort
 end
+
+ def test_create_should_not_add_watcher_if_user_cannot_view_issue
+ user = User.generate!
+ project = Project.generate!(:is_public => false)
+ issue = Issue.generate!(:project => project)
+
+ assert !user.allowed_to?(:view_issues, project)
+
+ user.pref.auto_watch_on = ['issue_contributed_to']
+ user.save
+
+ journal = Journal.new(:journalized => issue, :notes => 'notes', :user => user)
+
+ assert_no_difference 'Watcher.count' do
+ assert journal.save
+ end
+ assert !journal.journalized.watched_by?(user)
+ end
 end
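Review bot: The new test may not reach the visibility check it is named after. The generated user is given no membership in the private project, so `user.allowed_to?(:add_issue_watchers, journalized.project)` in the journal helper is likely already false, and the test would then pass even without `journalized.valid_watcher?(user)`. Setting up a user who may add watchers but cannot see the issue, and stating that with `assert user.allowed_to?(:add_issue_watchers, project)` beside the existing `assert !user.allowed_to?(:view_issues, project)`, would pin the access rule itself. The result of `user.save` is also ignored; `assert user.save` would keep a failed fixture save from producing a false pass. The `issue_assigned_to_me` branch goes through the same helper and has no test here.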