I am still working on queries.
As a matter of fact, that a lot of code is hm... frightening though powerful,
I decided not to try to change thousands of small things on the fly.
But this one was something i thought could be done easily.
Originally the only place where permissions for queries have been used was in IssuesHelper
def sidebar_queries
unless @sidebar_queries
# User can see public queries and his own queries
visible = ARCondition.new(["is_public = ? OR user_id = ?", true, (User.current.logged? ? User.current.id : 0)])
# Project specific queries and global queries
visible << (@project.nil? ? ["project_id IS NULL"] : ["project_id IS NULL OR project_id = ?", @project.id])
@sidebar_queries = Query.find(:all,
:select => 'id, name, is_public',
:order => "name ASC",
:conditions => visible.conditions)
end
@sidebar_queries
end
Instead we can do this
#
# This method helps to tear the permission logic out of sidebar_queries in IssuesHelper
#
def self.visible(project=nil)
# User can see public queries and his own queries
visible = ARCondition.new(["is_public = ? OR user_id = ?", true, (User.current.logged? ? User.current.id : 0)])
# Project specific queries and global queries
visible << (project.nil? ? ["project_id IS NULL"] : ["project_id IS NULL OR project_id = ?", project.id])
Query.find(:all,
:select => 'id, name, is_public',
:order => "name ASC",
:conditions => visible.conditions)
end