From 2b1747ad19144e2cf932bef192d09c62f5c090d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Pi=C4=8Dman?=
Date: Fri, 13 Jul 2018 09:54:39 +0200
Subject: [PATCH] DMSF access for anonymous users #881
---
 app/models/dmsf_folder.rb | 26 +++++++++++---------------
 test/unit/dmsf_folder_test.rb | 4 ++++
 2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/app/models/dmsf_folder.rb b/app/models/dmsf_folder.rb
index 640eef10..30625e73 100644
--- a/app/models/dmsf_folder.rb
+++ b/app/models/dmsf_folder.rb
@@ -51,21 +51,17 @@ class DmsfFolder < ActiveRecord::Base
 def self.visible_condition(system=true)
 Project.allowed_to_condition(User.current, :view_dmsf_folders) do |role, user|
- if user.id && user.logged?
- permissions = "#{DmsfFolderPermission.table_name}"
- folders = "#{DmsfFolder.table_name}"
- group_ids = user.group_ids.join(',')
- group_ids = -1 if group_ids.blank?
- allowed = (system && role.allowed_to?(:display_system_folders)) ? 1 : 0
- %{
- ((#{permissions}.object_id IS NULL) OR
- (#{permissions}.object_id = #{role.id} AND #{permissions}.object_type = 'Role') OR
- ((#{permissions}.object_id = #{user.id} OR #{permissions}.object_id IN (#{group_ids})) AND #{permissions}.object_type = 'User')) AND
- (#{folders}.system = #{DmsfFolder.connection.quoted_false} OR 1 = #{allowed})
- }
- else
- '0 = 1'
- end
+ permissions = "#{DmsfFolderPermission.table_name}"
+ folders = "#{DmsfFolder.table_name}"
+ group_ids = user.group_ids.join(',')
+ group_ids = -1 if group_ids.blank?
+ allowed = (system && role.allowed_to?(:display_system_folders)) ? 1 : 0
+ %{
+ ((#{permissions}.object_id IS NULL) OR
+ (#{permissions}.object_id = #{role.id} AND #{permissions}.object_type = 'Role') OR
+ ((#{permissions}.object_id = #{user.id} OR #{permissions}.object_id IN (#{group_ids})) AND #{permissions}.object_type = 'User')) AND
+ (#{folders}.system = #{DmsfFolder.connection.quoted_false} OR 1 = #{allowed})
+ }
 end
 end
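Review bot: With the `user.id && user.logged?` guard removed, `#{permissions}.object_id = #{user.id}` in visible_condition is interpolated for every user the block receives, and a nil id would render as `object_id =  OR ...`, which is malformed SQL instead of a denial. The old code failed closed with `'0 = 1'` in that case. If a user without an id can reach this block (not visible from the hunk), keep the id half of the guard as the block's first line: `next '0 = 1' unless user.id`. Because this condition is the folder access check, a short comment above the `%{` stating that anonymous users are now deliberately matched against the NULL-object and Role permissions would make the widening explicit.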
diff --git a/test/unit/dmsf_folder_test.rb b/test/unit/dmsf_folder_test.rb
index 320ed4f1..83efbeea 100644
--- a/test/unit/dmsf_folder_test.rb
+++ b/test/unit/dmsf_folder_test.rb
@@ -65,6 +65,10 @@ class DmsfFolderTest < RedmineDmsf::Test::UnitTest
 # Hasn't got permissions for @folder7
 @folder7.dmsf_folder_permissions.where(:object_type => 'User').delete_all
 assert_equal 4, DmsfFolder.visible.where(:project_id => 1).count
+ # Anonymous user
+ User.current = User.anonymous
+ @project.add_default_member User.anonymous
+ assert_equal 5, DmsfFolder.visible.where(:project_id => 1).count
 end
 def test_permissions
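Review bot: The added assertions pin only the allow path for anonymous access: `User.anonymous` is made a project member via `add_default_member` and is then expected to see 5 folders. Since the model change opens folder visibility to unauthenticated users, the test should also assert a deny case, for example that a folder whose permissions name a specific user is not counted for `User.anonymous`; the expected count depends on fixtures not shown here. The `# Anonymous user` comment could also say which folder accounts for the step from 4 to 5, since the anonymous member sees more than the preceding user. `User.current = User.anonymous` stays set when the test ends, which is safe only if setup resets it (not visible in this hunk; the test method starts outside it).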