Enalean · kotyavo-hub · Feb 8, 2021 · Feb 8, 2021 · Feb 8, 2021 · Feb 8, 2021
diff --git a/plugins/tracker/db/install.sql b/plugins/tracker/db/install.sql
@@ -289,6 +289,7 @@ CREATE TABLE tracker_changeset_comment(
     body TEXT NOT NULL,
     body_format varchar(16) NOT NULL default 'text',
     old_artifact_history_id INT(11) NULL,
+    private TINYINT(1) DEFAULT 0 NOT NULL,
     INDEX changeset_idx(changeset_id)
 ) ENGINE=InnoDB;
 
@@ -1115,4 +1116,12 @@ FROM groups
 WHERE groups.status != 'D'
       AND service.short_name = 'plugin_tracker';
 
+DROP TABLE IF EXISTS tracker_private_comment_permission;
+CREATE TABLE IF NOT EXISTS tracker_private_comment_permission (
+    id            INT(11) NOT NULL AUTO_INCREMENT,
+    tracker_id    INT(11) NOT NULL,
+    ugroup_id     INT(11) NOT NULL,
+    PRIMARY KEY (id)
+) ENGINE=InnoDB
+
 INSERT INTO forgeconfig (name, value) VALUES ('feature_flag_use_list_pickers_in_trackers_and_modals', 1);
diff --git a/...acker/db/mysql/updates/2020/202011201401_add_private_col_in_tracker_changeset_comment.php b/...acker/db/mysql/updates/2020/202011201401_add_private_col_in_tracker_changeset_comment.php
@@ -0,0 +1,44 @@
+<?php
+/**
+ *  Copyright (c) Maximaster, 2020. All rights reserved
+ *
+ *  This file is a part of Tuleap.
+ *
+ *  Tuleap is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Tuleap is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with Tuleap. If not, see <http://www.gnu.org/licenses/
+ */
+
+declare(strict_types=1);
+
+
+class b202011201401_add_private_col_in_tracker_changeset_comment extends ForgeUpgrade_Bucket //phpcs:ignore PSR1.Classes.ClassDeclaration.MissingNamespace, Squiz.Classes.ValidClassName.NotCamelCaps
+{
+    public function description(): string
+    {
+        return 'Add private column in tracker_changeset_comment to indicate a private comment';
+    }
+
+    public function preUp(): void
+    {
+        $this->db = $this->getApi('ForgeUpgrade_Bucket_Db');
+    }
+
+    public function up(): void
+    {
+        $sql = "ALTER TABLE tracker_changeset_comment ADD private TINYINT(1) DEFAULT 0 NOT NULL";
+        $res = $this->db->dbh->exec($sql);
+        if ($res === false) {
+            throw new ForgeUpgrade_Bucket_Exception_UpgradeNotComplete('Adding column did not work.');
+        }
+    }
+}
diff --git a/...ins/tracker/db/mysql/updates/2020/202011201410_add_tracker_private_comment_permission.php b/...ins/tracker/db/mysql/updates/2020/202011201410_add_tracker_private_comment_permission.php
@@ -0,0 +1,43 @@
+<?php
+/**
+ *  Copyright (c) Maximaster, 2020. All rights reserved
+ *
+ *  This file is a part of Tuleap.
+ *
+ *  Tuleap is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Tuleap is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with Tuleap. If not, see <http://www.gnu.org/licenses/
+ */
+
+class b202011201410_add_tracker_private_comment_permission extends ForgeUpgrade_Bucket // @codingStandardsIgnoreLine
+{
+    public function description()
+    {
+        return 'Add tracker_private_comment_permission for for storing permission to private comments';
+    }
+
+    public function preUp()
+    {
+        $this->db = $this->getApi('ForgeUpgrade_Bucket_Db');
+    }
+    public function up()
+    {
+        $sql = "CREATE TABLE IF NOT EXISTS tracker_private_comment_permission (
+                  id            INT(11) NOT NULL AUTO_INCREMENT,
+                  tracker_id    INT(11) NOT NULL,
+                  ugroup_id     INT(11) NOT NULL,
+                  PRIMARY KEY (id)
+                ) ENGINE=InnoDB";
+
+        $this->db->createTable('tracker_private_comment_permission', $sql);
+    }
+}
diff --git a/plugins/tracker/db/uninstall.sql b/plugins/tracker/db/uninstall.sql
@@ -114,6 +114,7 @@ DROP TABLE IF EXISTS tracker_fileinfo_temporary;
 DROP TABLE IF EXISTS tracker_reminder_notified_roles;
 DROP TABLE IF EXISTS tracker_report_config;
 DROP TABLE IF EXISTS tracker_widget_renderer;
+DROP TABLE IF EXISTS tracker_private_comment_permission;
 
 DROP TABLE IF EXISTS plugin_tracker_legacy_tracker_migrated;
 

diff --git a/plugins/tracker/include/Tracker/Action/UpdateArtifact.class.php b/plugins/tracker/include/Tracker/Action/UpdateArtifact.class.php
@@ -65,7 +65,7 @@ public function process(Tracker_IDisplayTrackerLayout $layout, Codendi_Request $
     {
          //TODO : check permissions on this action?
         $comment_format = $this->artifact->validateCommentFormat($request, 'comment_formatnew');
-
+        $private = (bool) $request->get('private_comment_inputnew');
         $fields_data                          = $request->get('artifact');
         $fields_data['request_method_called'] = 'artifact-update';
         $this->artifact->getTracker()->augmentDataFromRequest($fields_data);
@@ -75,7 +75,14 @@ public function process(Tracker_IDisplayTrackerLayout $layout, Codendi_Request $
             if ($current_user->isAnonymous()) {
                 $current_user->setEmail($request->get('email'));
             }
-            $this->artifact->createNewChangeset($fields_data, $request->get('artifact_followup_comment'), $current_user, true, $comment_format);
+            $this->artifact->createNewChangeset(
+                $fields_data,
+                $request->get('artifact_followup_comment'),
+                $current_user,
+                true,
+                $comment_format,
+                $private
+            );
 
             $art_link = $this->artifact->fetchDirectLinkToArtifact();
             $GLOBALS['Response']->addFeedback('info', sprintf(dgettext('tuleap-tracker', 'Successfully Updated (%1$s)'), $art_link), CODENDI_PURIFIER_LIGHT);

diff --git a/plugins/tracker/include/Tracker/Artifact/Artifact.php b/plugins/tracker/include/Tracker/Artifact/Artifact.php
@@ -801,12 +801,14 @@ public function process(Tracker_IDisplayTrackerLayout $layout, $request, $curren
             case 'update-comment':
                 if ((int) $request->get('changeset_id') && $request->exist('content')) {
                     if ($changeset = $this->getChangeset($request->get('changeset_id'))) {
+                        $private = $changeset->getComment()->private;
                         $comment_format = $this->validateCommentFormat($request, 'comment_format');
                         $changeset->updateComment(
                             $request->get('content'),
                             $current_user,
                             $comment_format,
-                            $_SERVER['REQUEST_TIME']
+                            $_SERVER['REQUEST_TIME'],
+                            $private
                         );
                         if ($request->isAjax()) {
                             //We assume that we can only change a comment from a followUp
@@ -1249,6 +1251,7 @@ public function getErrors()
      * @param PFUser $submitter         The user who is doing the update
      * @param bool   $send_notification true if a notification must be sent, false otherwise
      * @param string $comment_format    The comment (follow-up) type ("text" | "html")
+     * @param bool   $private           The comment (follow-up) private type
      *
      * @return Tracker_Artifact_Changeset|null
      * @throws Tracker_NoChangeException In the validation
@@ -1259,7 +1262,8 @@ public function createNewChangeset(
         $comment,
         PFUser $submitter,
         $send_notification = true,
-        $comment_format = Tracker_Artifact_Changeset_Comment::TEXT_COMMENT
+        $comment_format = Tracker_Artifact_Changeset_Comment::TEXT_COMMENT,
+        bool $private = false
     ) {
         $submitted_on = $_SERVER['REQUEST_TIME'];
         $validator    = new Tracker_Artifact_Changeset_NewChangesetFieldsValidator(
@@ -1278,7 +1282,8 @@ public function createNewChangeset(
             (bool) $send_notification,
             (string) $comment_format,
             new \Tuleap\Tracker\FormElement\Field\File\CreatedFileURLMapping(),
-            new TrackerNoXMLImportLoggedConfig()
+            new TrackerNoXMLImportLoggedConfig(),
+            (bool) $private
         );
     }
 

diff --git a/plugins/tracker/include/Tracker/Artifact/Changeset/NewChangesetCreatorBase.class.php b/plugins/tracker/include/Tracker/Artifact/Changeset/NewChangesetCreatorBase.class.php
@@ -106,7 +106,8 @@ public function create(
         bool $send_notification,
         string $comment_format,
         CreatedFileURLMapping $url_mapping,
-        TrackerImportConfig $tracker_import_config
+        TrackerImportConfig $tracker_import_config,
+        bool $private = false
     ): ?Tracker_Artifact_Changeset {
         $comment = trim($comment);
 
@@ -116,9 +117,9 @@ public function create(
         }
 
         try {
-            $new_changeset = $this->transaction_executor->execute(function () use ($artifact, $fields_data, $comment, $comment_format, $submitter, $submitted_on, $email, $url_mapping, $tracker_import_config) {
+            $new_changeset = $this->transaction_executor->execute(function () use ($artifact, $fields_data, $comment, $comment_format, $submitter, $submitted_on, $email, $url_mapping, $tracker_import_config, $private) {
                 try {
-                    $this->validateNewChangeset($artifact, $fields_data, $comment, $submitter, $email);
+                    $this->validateNewChangeset($artifact, $fields_data, $comment, $submitter, $email, $private);
 
                     $previous_changeset = $artifact->getLastChangeset();
 
@@ -161,7 +162,8 @@ public function create(
                             $submitted_on,
                             $comment_format,
                             $changeset_id,
-                            $url_mapping
+                            $url_mapping,
+                            $private
                         )
                     ) {
                         throw new Tracker_CommentNotStoredException();
@@ -265,7 +267,8 @@ private function storeComment(
         $submitted_on,
         $comment_format,
         $changeset_id,
-        CreatedFileURLMapping $url_mapping
+        CreatedFileURLMapping $url_mapping,
+        bool $private = false
     ): bool {
         $comment_format = Tracker_Artifact_Changeset_Comment::checkCommentFormat($comment_format);
 
@@ -280,7 +283,8 @@ private function storeComment(
             $submitter->getId(),
             $submitted_on,
             0,
-            $comment_format
+            $comment_format,
+            $private
         );
         if (! $comment_added) {
             return false;
@@ -303,7 +307,8 @@ private function validateNewChangeset(
         array $fields_data,
         $comment,
         PFUser $submitter,
-        $email
+        $email,
+        bool $private = false
     ): void {
         if ($submitter->isAnonymous() && ($email == null || $email == '')) {
             $message = dgettext('tuleap-tracker', 'You are not logged in.');

diff --git a/plugins/tracker/include/Tracker/Artifact/Tracker_Artifact_Changeset.class.php b/plugins/tracker/include/Tracker/Artifact/Tracker_Artifact_Changeset.class.php
@@ -23,6 +23,8 @@
 use Tuleap\Tracker\Artifact\Changeset\ChangesetFromXmlDao;
 use Tuleap\Tracker\Artifact\Changeset\ChangesetFromXmlDisplayer;
 use Tuleap\Tracker\Artifact\Changeset\PostCreation\ActionsRunner;
+use Tuleap\Tracker\Permission\FollowUp\PrivateComments\PermissionsOnPrivateCommentChecker;
+use Tuleap\Tracker\REST\ChangesetRepresentation;
 
 require_once __DIR__ . '/../../../../../src/www/include/utils.php';
 
@@ -44,6 +46,11 @@ class Tracker_Artifact_Changeset extends Tracker_Artifact_Followup_Item
      */
     private $latest_comment;
 
+    /**
+     * @var bool
+     */
+    public $private_comment_access_denied;
+
     /**
      * Constructor
      *
@@ -250,6 +257,7 @@ public function fetchFollowUp($diff_to_previous, PFUser $current_user)
         $html .= $this->getPermalink();
         $html .= $this->fetchChangesetActionButtons();
         $html .= $this->fetchImportedFromXmlData();
+        $html .= $this->getPrivateBlock();
         $html .= $this->getUserLink();
         $html .= $this->getTimeAgo($current_user);
         $html .= '</div>';
@@ -263,6 +271,15 @@ public function fetchFollowUp($diff_to_previous, PFUser $current_user)
         return $html;
     }
 
+    private function getPrivateBlock()
+    {
+        $html = '';
+        if ($this->getComment()->private){
+            $html = ' <span class="label__private">Private</span>';
+        }
+        return $html;
+    }
+
     private function fetchChangesetActionButtons()
     {
         $html        = '';
@@ -395,6 +412,10 @@ public function getFollowUpClassnames($diff_to_previous)
             $classnames .= ' tracker_artifact_followup-with_comment ';
         }
 
+        if ($comment && ! $comment->hasEmptyBody() && $comment->private){
+            $classnames .= ' tracker_artifact_followup-with_private_comment ';
+        }
+
         if ($this->submitted_by && $this->submitted_by < 100) {
             $classnames .= ' tracker_artifact_followup-by_system_user ';
         }
@@ -472,14 +493,14 @@ public function userCanEdit(?PFUser $user = null)
      *
      * @return void
      */
-    public function updateComment($body, $user, $comment_format, $timestamp)
+    public function updateComment($body, $user, $comment_format, $timestamp, ?bool $private = null)
     {
-        if ($this->updateCommentWithoutNotification($body, $user, $comment_format, $timestamp)) {
+        if ($this->updateCommentWithoutNotification($body, $user, $comment_format, $timestamp, $private)) {
             $this->executePostCreationActions();
         }
     }
 
-    public function updateCommentWithoutNotification($body, $user, $comment_format, $timestamp)
+    public function updateCommentWithoutNotification($body, $user, $comment_format, $timestamp, bool $private = false)
     {
         if ($this->userCanEdit($user)) {
             $commentUpdated = $this->getCommentDao()->createNewVersion(
@@ -488,7 +509,8 @@ public function updateCommentWithoutNotification($body, $user, $comment_format,
                 $user->getId(),
                 $timestamp,
                 $this->getComment()->id,
-                $comment_format
+                $comment_format,
+                $private
             );
 
             unset($this->latest_comment);
@@ -533,11 +555,16 @@ protected function getReferenceManager()
      */
     public function getComment()
     {
-        if (isset($this->latest_comment)) {
+        if ($this->private_comment_access_denied || isset($this->latest_comment)) {
             return $this->latest_comment;
         }
 
-        if ($row = $this->getCommentDao()->searchLastVersion($this->id)->getRow()) {
+        $user = $this->getUserManager()->getCurrentUser();
+        $tracker = $this->getArtifact()->getTracker();
+
+        $access_private_comments = PermissionsOnPrivateCommentChecker::getInstance()->checkPermission($user, $tracker);
+
+        if ($row = $this->getCommentDao()->searchLastVersion($this->id, $access_private_comments)->getRow()) {
             $this->latest_comment = new Tracker_Artifact_Changeset_Comment(
                 $row['id'],
                 $this,
@@ -547,7 +574,8 @@ public function getComment()
                 $row['submitted_on'],
                 $row['body'],
                 $row['body_format'],
-                $row['parent_id']
+                $row['parent_id'],
+                $row['private']
             );
         }
         return $this->latest_comment;
@@ -562,6 +590,11 @@ public function setLatestComment($comment)
         $this->latest_comment = $comment;
     }
 
+    public function setPrivateCommentAccessDenied(bool $private_comment_access_denied): void
+    {
+        $this->private_comment_access_denied = $private_comment_access_denied;
+    }
+
     /**
      * Return the ChangesetDao
      *
@@ -794,7 +827,7 @@ public function getArtifact()
     /**
      * Returns the Id of this changeset
      *
-     * @return string The Id of this changeset
+     * @return int The Id of this changeset
      *
      * @psalm-mutation-free
      */