Release OpenProject 17.0.5

Author: klaustopher

.github/workflows/docker.yml

@@ -32,9 +32,6 @@ on:
 permissions:
   contents: read # to fetch code (actions/checkout)
 
-env:
-  REGISTRY_IMAGE: openproject/openproject
-
 jobs:
   setup:
     runs-on: ubuntu-latest
@@ -55,7 +52,7 @@ jobs:
           if [ "${{ inputs.use_test_registry }}" = "true" ]; then
             echo "registry_image=openproject/openproject-test" >> "$GITHUB_OUTPUT"
           else
-            echo "registry_image=${{ env.REGISTRY_IMAGE }}" >> "$GITHUB_OUTPUT"
+            echo "registry_image=${{ vars.REGISTRY_IMAGE }}" >> "$GITHUB_OUTPUT"
           fi
       - name: Verify outputs
         run: |
@@ -116,7 +113,7 @@ jobs:
       docker_tags: ${{ steps.extract_version.outputs.docker_tags }}
       registry_image: ${{ steps.extract_version.outputs.registry_image }}
   build:
-    if: github.repository == 'opf/openproject'
+    if: github.repository_owner == 'opf'
     needs:
       - setup
     runs-on:

app/controllers/users_controller.rb

@@ -207,8 +207,15 @@ def change_status # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
   end
 
   def resend_invitation # rubocop:disable Metrics/AbcSize
+    if @user.admin? && !current_user.admin?
+      # non-admin users are not allowed to change admin status
+      flash[:error] = I18n.t("user.error_admin_change_on_non_admin")
+      redirect_to helpers.allowed_management_user_profile_path(@user)
+      return
+    end
+
     status = Principal.statuses[:invited]
-    @user.update status: status if @user.status != status
+    @user.update!(status: status) if @user.status != status
 
     token = UserInvitation.reinvite_user @user.id
 

app/controllers/work_packages/activities_tab_controller.rb

@@ -222,6 +222,7 @@ def respond_with_error(error_message)
       format.turbo_stream do
         @turbo_status = :not_found
         render_error_flash_message_via_turbo_stream(message: error_message)
+        render turbo_stream: turbo_streams, status: :not_found
       end
     end
   end
@@ -239,7 +240,9 @@ def find_project
   end
 
   def find_journal
-    @journal = Journal
+    @journal = @work_package
+      .journals
+      .internal_visible
       .with_sequence_version
       .find(params[:id])
   rescue ActiveRecord::RecordNotFound

app/models/attribute_help_text/work_package.rb

@@ -53,7 +53,7 @@ def type_caption
 
   def self.visible_condition(user)
     visible_cf_names = WorkPackageCustomField
-      .manageable_by_user(user)
+      .visible(user)
       .pluck(:id)
       .map { |id| "custom_field_#{id}" }
 

app/models/custom_field.rb

@@ -53,11 +53,15 @@ class CustomField < ApplicationRecord
 
   has_many :calculated_value_errors, dependent: :delete_all, inverse_of: "custom_field"
 
+  include Scopes::Scoped
+
   scope :hierarchy_root_and_children, -> { includes(hierarchy_root: { children: :children }) }
   scope :required, -> { where(is_required: true).where.not(field_format: "calculated_value") }
 
   scope :field_format_calculated_value, -> { where(field_format: "calculated_value") }
 
+  scopes :visible
+
   acts_as_list scope: [:type]
 
   validates :field_format, presence: true

app/models/custom_fields/scopes/visible.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+# -- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+# ++
+
+module CustomFields::Scopes
+  module Visible
+    extend ActiveSupport::Concern
+
+    class_methods do
+      def visible(user = User.current)
+        known_subclasses
+          .inject(none) do |scope, klass|
+          scope.or(where(type: klass.name).and(klass.visible(user)))
+        end
+      end
+
+      def known_subclasses
+        # In dev/test without eager loading, subclasses might not be loaded.
+        if Rails.env.local?
+          CustomField
+            .group(:type)
+            .pluck(:type)
+            .map(&:safe_constantize)
+        end
+
+        CustomField.subclasses
+      end
+    end
+  end
+end

app/models/group_custom_field.rb

@@ -29,6 +29,8 @@
 #++
 
 class GroupCustomField < CustomField
+  scopes :visible
+
   def type_name
     :label_group_plural
   end

app/models/group_custom_fields/scopes/visible.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+# -- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+# ++
+
+module GroupCustomFields::Scopes
+  module Visible
+    extend ActiveSupport::Concern
+
+    class_methods do
+      def visible(user = User.current)
+        if user.admin?
+          all
+        else
+          where(admin_only: false)
+        end
+      end
+    end
+  end
+end

app/models/project_custom_field.rb

@@ -46,41 +46,15 @@ class ProjectCustomField < CustomField
   has_one :role, through: :custom_fields_role
   accepts_nested_attributes_for :custom_fields_role, allow_destroy: true
 
+  scopes :visible
+
   scope :user_field_with_assigned_role, -> do
     joins(:custom_fields_role)
       .where.not(custom_fields_roles: { role_id: nil })
       .where(field_format: "user")
   end
 
   class << self
-    def visible(user = User.current, project: nil)
-      if user.admin?
-        all
-      elsif user.allowed_in_any_project?(:select_project_custom_fields) || user.allowed_globally?(:add_project)
-        where(admin_only: false)
-      else
-        where(admin_only: false).where(mappings_with_view_project_attributes_permission(user, project).exists)
-      end
-    end
-
-    def toggleable_ids_in_project_settings(project, user, custom_field_section_id)
-      toggleable_ids(
-        project:,
-        user:,
-        custom_field_section_id:,
-        options: { is_for_all: false }
-      ).first
-    end
-
-    def toggleable_ids_in_creation_wizard_settings(project, custom_field_section_id)
-      toggleable_ids(
-        project:,
-        custom_field_section_id:,
-        options: { is_required: false },
-        invert_options: { is_required: true }
-      )
-    end
-
     private
 
     # Returns an array with:

app/models/project_custom_fields/scopes/visible.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+# -- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+# ++
+
+module ProjectCustomFields::Scopes
+  module Visible
+    extend ActiveSupport::Concern
+
+    class_methods do
+      def visible(user = User.current, project: nil)
+        if user.admin?
+          all
+        elsif user.allowed_in_any_project?(:select_project_custom_fields) || user.allowed_globally?(:add_project)
+          where(admin_only: false)
+        else
+          where(admin_only: false).where(mappings_with_view_project_attributes_permission(user, project).exists)
+        end
+      end
+    end
+  end
+end