DMSF access for anonymous users #881

2018-07-13 09:54:39 +02:00 · 2018-07-13 09:54:39 +02:00 · 2b1747ad19
commit 2b1747ad19
parent 397cb98e14
2 changed files with 15 additions and 15 deletions
--- a/app/models/dmsf_folder.rb
+++ b/app/models/dmsf_folder.rb
@ -51,21 +51,17 @@ class DmsfFolder < ActiveRecord::Base

  def self.visible_condition(system=true)
    Project.allowed_to_condition(User.current, :view_dmsf_folders) do |role, user|
-      if user.id && user.logged?
-        permissions = "#{DmsfFolderPermission.table_name}"
-        folders = "#{DmsfFolder.table_name}"
-        group_ids = user.group_ids.join(',')
-        group_ids = -1 if group_ids.blank?
-        allowed = (system && role.allowed_to?(:display_system_folders)) ? 1 : 0
-        %{
-          ((#{permissions}.object_id IS NULL) OR
-          (#{permissions}.object_id = #{role.id} AND #{permissions}.object_type = 'Role') OR
-          ((#{permissions}.object_id = #{user.id} OR #{permissions}.object_id IN (#{group_ids})) AND #{permissions}.object_type = 'User')) AND
-          (#{folders}.system = #{DmsfFolder.connection.quoted_false} OR 1 = #{allowed})
-        }
-      else
-        '0 = 1'
-      end
+      permissions = "#{DmsfFolderPermission.table_name}"
+      folders = "#{DmsfFolder.table_name}"
+      group_ids = user.group_ids.join(',')
+      group_ids = -1 if group_ids.blank?
+      allowed = (system && role.allowed_to?(:display_system_folders)) ? 1 : 0
+      %{
+        ((#{permissions}.object_id IS NULL) OR
+        (#{permissions}.object_id = #{role.id} AND #{permissions}.object_type = 'Role') OR
+        ((#{permissions}.object_id = #{user.id} OR #{permissions}.object_id IN (#{group_ids})) AND #{permissions}.object_type = 'User')) AND
+        (#{folders}.system = #{DmsfFolder.connection.quoted_false} OR 1 = #{allowed})
+      }
    end
  end

--- a/test/unit/dmsf_folder_test.rb
+++ b/test/unit/dmsf_folder_test.rb
@ -65,6 +65,10 @@ class DmsfFolderTest < RedmineDmsf::Test::UnitTest
    # Hasn't got permissions for @folder7
    @folder7.dmsf_folder_permissions.where(:object_type => 'User').delete_all
    assert_equal 4, DmsfFolder.visible.where(:project_id => 1).count
+    # Anonymous user
+    User.current = User.anonymous
+    @project.add_default_member User.anonymous
+    assert_equal 5, DmsfFolder.visible.where(:project_id => 1).count
  end

  def test_permissions