stable
Clone or download
This is part of story #19275 restrict who can see comments The goal of this patch is to prevent leaked comments. Because the SQL query is very complicated to do it in one shot, for the moment, expert search with '@comment' cirteria doesn't search for private comment. How to test: - Have a follow up that contains (for example) 'my comment' and get its id - Have a ugroup (with users or not in) - Add (comment_id, ugroup_id) on plugin_tracker_private_comment_permission table - Do a request with "@comment = 'my comment'" Expected results: => The artifact is not shown in the tracker report - If you delete the new row in plugin_tracker_private_comment_permission table and do the same request: |=> The artifact appears in the tracker report Change-Id: I569d984d0b97983a3a45cb5e8f8bf12f0fd85c99
Modified Files
| Name | ||||
|---|---|---|---|---|
| M | plugins/tracker/include/Tracker/Report/Query/CommentFromWhereBuilder.php | +2 | −1 | Go to diff View file |
| M | plugins/tracker/tests/rest/TQL/TQLTest.php | +4 | −2 | Go to diff View file |
| M | plugins/tracker/tests/rest/_fixtures/tql/project.xml | +25 | −0 | Go to diff View file |