Merge pull request #1642 from opf/fix/view-watch-list-permission

pull/1661/head
Hagen Schink 10 years ago
commit db1ee0b009
  1. 4
      app/assets/javascripts/angular/work_packages/controllers/work-package-details-controller.js
  2. 24
      karma/tests/controllers/work-package-details-controller-test.js
  3. 2
      lib/api/v3/work_packages/work_package_representer.rb
  4. 3
      public/templates/work_packages.list.details.html
  5. 16
      spec/lib/api/v3/work_packages/work_package_representer_spec.rb

@ -127,6 +127,10 @@ angular.module('openproject.workPackages.controllers')
.then(refreshWorkPackage, outputError);
};
$scope.canViewWorkPackageWatchers = function() {
return !!($scope.workPackage && $scope.workPackage.embedded.watchers !== undefined);
};
function displayedActivities(workPackage) {
var activities = workPackage.embedded.activities;
activities.splice(0, 1); // remove first activity (assumes activities are sorted chronologically)

@ -121,6 +121,30 @@ describe('WorkPackageDetailsController', function() {
});
});
describe('#scope.canViewWorkPackageWatchers', function() {
describe('when the work package does not contain the embedded watchers property', function() {
beforeEach(function() {
workPackage.embedded.watchers = undefined;
buildController();
})
it('returns false', function() {
expect(scope.canViewWorkPackageWatchers()).to.be.false;
});
});
describe('when the work package contains the embedded watchers property', function() {
beforeEach(function() {
workPackage.embedded.watchers = [];
buildController();
})
it('returns true', function() {
expect(scope.canViewWorkPackageWatchers()).to.be.true;
});
});
});
describe('work package properties', function() {
describe('relations', function() {
beforeEach(function() {

@ -147,7 +147,7 @@ module API
property :assignee, embedded: true, class: ::API::V3::Users::UserModel, decorator: ::API::V3::Users::UserRepresenter, if: -> (*) { !assignee.nil? }
collection :activities, embedded: true, class: ::API::V3::Activities::ActivityModel, decorator: ::API::V3::Activities::ActivityRepresenter
property :watchers, embedded: true, exec_context: :decorator
property :watchers, embedded: true, exec_context: :decorator, if: -> (*) { current_user_allowed_to(:view_work_package_watchers, represented.work_package) }
collection :attachments, embedded: true, class: ::API::V3::Attachments::AttachmentModel, decorator: ::API::V3::Attachments::AttachmentRepresenter
property :relations, embedded: true, exec_context: :decorator

@ -12,7 +12,8 @@
ui-sref-active="selected">
<a href ng-bind="I18n.t('js.work_packages.tabs.relations')"/>
</li>
<li ui-sref="work-packages.list.details.watchers({})"
<li ng-if="canViewWorkPackageWatchers()"
ui-sref="work-packages.list.details.watchers({})"
ui-sref-active="selected">
<a href ng-bind="I18n.t('js.work_packages.tabs.watchers')"/>
</li>

@ -44,7 +44,7 @@ describe ::API::V3::WorkPackages::WorkPackageRepresenter do
)
}
let(:project) { work_package.project }
let(:permissions) { %i(view_work_packages add_work_package_watchers delete_work_package_watchers) }
let(:permissions) { %i(view_work_packages view_work_package_watchers add_work_package_watchers delete_work_package_watchers) }
let(:role) { FactoryGirl.create :role, permissions: permissions }
before(:each) do
@ -164,6 +164,20 @@ describe ::API::V3::WorkPackages::WorkPackageRepresenter do
it { should have_json_type(Array).at_path('_embedded/attachments') }
it { should have_json_size(0).at_path('_embedded/attachments') }
end
describe 'watchers' do
context 'when the current user has the permission to view work packages' do
it { should have_json_path('_embedded/watchers') }
end
context 'when the current user does not have the permission to view work packages' do
before do
role.permissions.delete(:view_work_package_watchers) and role.save
end
it { should_not have_json_path('_embedded/watchers') }
end
end
end
end
end

Loading…
Cancel
Save