diff --git a/src/org/labkey/test/tests/issues/IssuesTest.java b/src/org/labkey/test/tests/issues/IssuesTest.java index 7d4c75b21c..d077673582 100644 --- a/src/org/labkey/test/tests/issues/IssuesTest.java +++ b/src/org/labkey/test/tests/issues/IssuesTest.java @@ -83,12 +83,14 @@ public class IssuesTest extends BaseWebDriverTest private static final String USER1 = "user1_issuetest@issues.test"; private static final String USER2 = "user2_issuetest@issues.test"; private static final String USER3 = "user3_issuetest@issues.test"; + private static final String CLIENT_USER1 = "clientuser1_issuetest@issues.test"; private static final String user = "reader@issues.test"; private static final Map ISSUE_0 = new HashMap<>(Maps.of("title", ISSUE_TITLE_0, "priority", "2", "comment", "a bright flash of light")); private static final Map ISSUE_1 = new HashMap<>(Maps.of("title", ISSUE_TITLE_1, "priority", "1", "comment", "alien autopsy")); private static final String ISSUE_SUMMARY_WEBPART_NAME = "Issues Summary"; private static final String ISSUE_LIST_REGION_NAME = "issues-issues"; private static final String TEST_GROUP = "testers"; + private static final String CLIENT_GROUP = "clients"; private static final String TEST_EMAIL_TEMPLATE = "You can review this issue here: ^detailsURL^\n" + "Modified by: ^user^\n" + @@ -102,6 +104,7 @@ public class IssuesTest extends BaseWebDriverTest private static String NAME; protected IssuesHelper _issuesHelper; private final ApiPermissionsHelper _permissionsHelper = new ApiPermissionsHelper(this); + private static String CLIENT_PORTAL = "Client Issues"; public IssuesTest() { @@ -155,8 +158,9 @@ protected String getProjectName() @Override protected void doCleanup(boolean afterTest) throws TestTimeoutException { - _userHelper.deleteUsers(false, USER1, USER2); + _userHelper.deleteUsers(false, USER1, USER2, USER3, CLIENT_USER1); _containerHelper.deleteProject(getProjectName(), afterTest); + _containerHelper.deleteProject(CLIENT_PORTAL, afterTest); } public void doInit() @@ -188,6 +192,15 @@ public void doInit() waitAndClickAndWait(Locator.linkContainingText(ISSUE_SUMMARY_WEBPART_NAME)); _issuesHelper.addIssue(ISSUE_0); _issuesHelper.addIssue(ISSUE_1); + + // Create a second project with different permissions + _containerHelper.createProject(CLIENT_PORTAL); + goToProjectHome(CLIENT_PORTAL); + _userHelper.createUser(CLIENT_USER1); + _permissionsHelper.createPermissionsGroup(CLIENT_GROUP); + _permissionsHelper.setPermissions(CLIENT_GROUP, "Editor"); + _permissionsHelper.addUserToProjGroup(CLIENT_USER1, CLIENT_PORTAL, CLIENT_GROUP); + _issuesHelper.createNewIssuesList("tickets", _containerHelper); } @Before @@ -833,7 +846,32 @@ public void relatedIssueTest() .clickSubMenu(false, "Hide related comments"); assertElementNotVisible(related); - // NOTE: still need to test for case where user doesn't have permission to related issue... + // related issue permission tests + Locator commentLocator = Locator.name("related"); + goToProjectHome(CLIENT_PORTAL); + waitAndClickAndWait(Locator.linkContainingText(ISSUE_SUMMARY_WEBPART_NAME)); + String clientIssueId = _issuesHelper.addIssue(Maps.of("assignedTo", NAME, "title", "Client ticket", "priority", "3", "related", issueIdA)).getIssueId(); + + // impersonate a user without permissions to the related issues + impersonate(CLIENT_USER1); + clickAndWait(Locator.linkWithText("Issues List")); + clickAndWait(Locator.linkWithText(clientIssueId)); + updateIssue(); + setFormElement(Locator.name("comment"), "This should work"); + clickButton("Save"); + + // try to add related issue they don't have permission to see + updateIssue(); + setFormElement(relatedLocator, String.format("%s,%s", issueIdA, issueIdB)); + clickButton("Save"); + assertTextPresent("User does not have Read Permission for related issue"); + + // Issue 53820 try to remove a related issue they don't have permission to see + setFormElement(relatedLocator, ""); + clickButton("Save"); + assertTextPresent(String.format("User does not have Read Permission for related issue '%s'", issueIdA)); + clickButton("Cancel"); + stopImpersonating(); } @Test