Merged r15586 (#23172).

git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@15743 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-05-08 23:37:46 +02:00 · 2016-08-20 11:45:49 +00:00
parent 7a450e1b84
commit e8afae7cbc
5 changed files with 36 additions and 13 deletions
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -854,7 +854,7 @@ class Issue < ActiveRecord::Base

  # Users the issue can be assigned to
  def assignable_users
-    users = project.assignable_users.to_a
+    users = project.assignable_users(tracker).to_a
    users << author if author && author.active?
    users << assigned_to if assigned_to
    users.uniq.sort
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -512,16 +512,27 @@ class Project < ActiveRecord::Base
  end

  # Return a Principal scope of users/groups issues can be assigned to
-  def assignable_users
+  def assignable_users(tracker=nil)
+    return @assignable_users[tracker] if @assignable_users && @assignable_users[tracker]
+
    types = ['User']
    types << 'Group' if Setting.issue_group_assignment?

-    @assignable_users ||= Principal.
+    scope = Principal.
      active.
      joins(:members => :roles).
      where(:type => types, :members => {:project_id => id}, :roles => {:assignable => true}).
      uniq.
      sorted
+
+    if tracker
+      # Rejects users that cannot the view the tracker
+      roles = Role.where(:assignable => true).select {|role| role.permissions_tracker?(:view_issues, tracker)}
+      scope = scope.where(:roles => {:id => roles.map(&:id)})
+    end
+
+    @assignable_users ||= {}
+    @assignable_users[tracker] = scope
  end

  # Returns the mail addresses of users that should be always notified on project events
--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -222,6 +222,13 @@ class Role < ActiveRecord::Base
    permissions_all_trackers[permission.to_s].to_s != '0'
  end

+  # Returns true if permission is given for the tracker
+  # (explicitly or for all trackers)
+  def permissions_tracker?(permission, tracker)
+    permissions_all_trackers?(permission) ||
+      permissions_tracker_ids?(permission, tracker.try(:id))
+  end
+
  # Sets the trackers that are allowed for a permission.
  # tracker_ids can be an array of tracker ids or :all for
  # no restrictions.