Vote #79688
完了Projects API should not return invisible trackers
0%
説明
Currently projects API returns all trackers, assigned to given project. This is inconsistency with web view, which shows only trackers, visible to the user. They are the only usable to current user anyways.
This is invoked like this: projects/PROJECTID.json?include=trackers
The problem is in redmine/app/helpers/projects_helper.rb, where the line:
project.trackers.each do |tracker|
should be changed to
project.trackers.visible.each do |tracker|
journals
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Confirmed the problem. Thank you for catching and reporting this.
--------------------------------------------------------------------------------
Alex Stanev wrote:
> should be changed to
> <pre>
project.trackers.visible.each do |tracker|
</pre>
I think that @project.rolled_up_trackers(false).visible@ is better than @project.trackers.visible@ .
I changed it as follows.
<pre><code class="diff">
diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index 794546163..64d6fea83 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -115,7 +115,7 @@ module ProjectsHelper
def render_api_includes(project, api)
api.array :trackers do
- project.trackers.each do |tracker|
+ project.rolled_up_trackers(false).visible.each do |tracker|
api.tracker(:id => tracker.id, :name => tracker.name)
end
end if include_in_api_response?('trackers')
</code></pre>
I made a patch, and attach it.
--------------------------------------------------------------------------------
Hi, thanks for you help!
This approach will also do the trick, can't test it right now.
Also maybe Go will require test for this.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
LGTM. We (matobaa, sanak and me) have verified the following with trunk (revision 20744).
* The bug reported in the issue has been fixed by your patch.
* All tests are also successful.
In the patch, we noticed that the argument of @rolled_up_trackers@ is @false@ instead of @Setting.display_subprojects_issues?@ as in @ProjectsController#show@. We assume this is because the sub project trackers are probably not needed with this API.
--------------------------------------------------------------------------------
Setting the target version to 4.1.2.
--------------------------------------------------------------------------------
Committed the patch. Thank you all for your contribution.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
related_issues
relates,Closed,285,Tracker role-based permissioning