fixed scope of public project dashboards for all projects

CHANGELOG.rst

@@ -9,6 +9,7 @@ Changelog
 - D3 7.0.0 support
 - Remove issue macro, which is now supported by Redmine core
 - new ticket message can be overwritten for projects
+- fixed scope of public project dashboards for all projects
 
 3.0.2
 +++++

app/controllers/dashboards_controller.rb

@@ -207,7 +207,11 @@ class DashboardsController < ApplicationController
     raise ::Unauthorized unless @dashboard.visible?
 
     if @dashboard.dashboard_type == DashboardContentProject::TYPE_NAME && @dashboard.project.nil?
-      @dashboard.content_project = find_project_by_project_id
+      @dashboard.content_project = if params[:dashboard].present? && params[:dashboard][:content_project_id].present?
+                                     find_project params[:dashboard][:content_project_id]
+                                   else
+                                     find_project_by_project_id
+                                   end
     else
       @project = @dashboard.project
     end

app/helpers/dashboards_helper.rb

@@ -32,17 +32,13 @@ module DashboardsHelper
     safe_join classes, ' '
   end
 
-  def sidebar_dashboards(dashboard, project = nil, user = nil)
-    user ||= User.current
+  def sidebar_dashboards(dashboard, project = nil)
     scope = Dashboard.visible.includes [:author]
 
     scope = if project.present?
               scope = scope.project_only
               scope.where(project_id: project.id)
-                   .or(scope.where(system_default: true)
-                            .where(project_id: nil))
-                   .or(scope.where(author_id: user.id)
-                            .where(project_id: nil))
+                   .or(scope.where(project_id: nil))
             else
               scope.where dashboard_type: dashboard.dashboard_type
             end

app/views/dashboards/_form.html.slim

@@ -12,6 +12,7 @@
       = hidden_field_tag 'dashboard[dashboard_type]', @dashboard.dashboard_type if @dashboard.new_record?
       - if @project && @allowed_projects.present? && @allowed_projects.count > 1
         p
+          = hidden_field_tag 'dashboard[content_project_id]', @project&.id
           = f.select :project_id,
                      project_tree_options_for_select(@allowed_projects,
                                                      selected: @dashboard.project,

test/fixtures/dashboards.yml

@@ -96,6 +96,13 @@ private_project_default:
   author_id: 1
   visibility: 0
 
+public_project:
+  name: Public project for all project, but no system default
+  dashboard_type: <%= DashboardContentProject::TYPE_NAME %>
+  project_id:
+  author_id: 1
+  visibility: 2
+
 private_project:
   name: Private project for user 1
   dashboard_type: <%= DashboardContentProject::TYPE_NAME %>

test/functional/projects_controller_test.rb

@@ -83,4 +83,24 @@ class ProjectsControllerTest < Additionals::ControllerTest
 
     assert_response :forbidden
   end
+
+  def test_shared_project_dashboard_for_all_projects
+    @request.session[:user_id] = 3
+
+    get :show,
+        params: { id: 1,
+                  dashboard_id: dashboards(:public_project) }
+
+    assert_response :success
+  end
+
+  def test_shared_welcome_dashboard_for_all_projects
+    @request.session[:user_id] = 3
+
+    get :show,
+        params: { id: 1,
+                  dashboard_id: dashboards(:public_welcome) }
+
+    assert_response :missing
+  end
 end

test/functional/welcome_controller_test.rb

@@ -103,4 +103,11 @@ class WelcomeControllerTest < Additionals::ControllerTest
 
     assert_response :missing
   end
+
+  def test_index_with_public_project_dashboard
+    get :index,
+        params: { dashboard_id: dashboards(:public_project) }
+
+    assert_response :missing
+  end
 end

test/unit/dashboard_test.rb

@@ -191,7 +191,7 @@ class DashboardTest < Additionals::TestCase
   end
 
   def test_dashboard_project_scope
-    assert_equal 2, Dashboard.visible.project_only.count
+    assert_equal 3, Dashboard.visible.project_only.count
   end
 
   def test_destroy_dashboard_without_roles