No need to query changesets if user is not allowed to view them.

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Tue, 12 Apr 2011 19:45:47 +0000 (19:45 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Tue, 12 Apr 2011 19:45:47 +0000 (19:45 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Tue, 12 Apr 2011 19:45:47 +0000 (19:45 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Tue, 12 Apr 2011 19:45:47 +0000 (19:45 +0000)
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb

index 4acd728baa032c1bcc9385fe1b7750237972ff70..18484bef38cfc5e62ffd79cb11d69d95509ba8ab 100644 (file)
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -105,9 +105,13 @@ class IssuesController < ApplicationController
    def show
      @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
      @journals.each_with_index {|j,i| j.indice = i+1}
-    @journals.reverse! if User.current.wants_comments_in_reverse_order?
-    @changesets = @issue.changesets.visible.all
-    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+    @journals.reverse! if User.current.wants_comments_in_reverse_order
+    
+    if User.current.allowed_to?(:view_changesets, @project)
+      @changesets = @issue.changesets.visible.all
+      @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+    end
+    
      @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
      @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
      @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Tue, 12 Apr 2011 19:45:47 +0000 (19:45 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Tue, 12 Apr 2011 19:45:47 +0000 (19:45 +0000)