From: Jean-Philippe Lang
Date: Wed, 20 Nov 2019 15:01:24 +0000 (+0000)
Subject: Only admin users should be able to manage public queries on the project list (#29482).
X-Git-Tag: 4.2.0~1546
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=977bbea725d0d6909d081390b3147e18340b532c;p=redmine.git
Only admin users should be able to manage public queries on the project list (#29482).
As with issues, project members with the "Manage public queries" permission are allowed to manage public queries inside their projects, not public global queries that are proposed on /issues.
git-svn-id: http://svn.redmine.org/redmine/trunk@19091 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
diff --git a/app/controllers/queries_controller.rb b/app/controllers/queries_controller.rb
index 348806198..56283dc30 100644
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@@ -126,7 +126,7 @@ class QueriesController < ApplicationController
@query.column_names = nil if params[:default_columns]
@query.sort_criteria = (params[:query] && params[:query][:sort_criteria]) || @query.sort_criteria
@query.name = params[:query] && params[:query][:name]
- if User.current.allowed_to?(:manage_public_queries, @query.project) || User.current.admin? || (@query.type == 'ProjectQuery' && User.current.allowed_to?(:manage_public_queries, @query.project, :global => true))
+ if User.current.allowed_to?(:manage_public_queries, @query.project) || User.current.admin?
@query.visibility = (params[:query] && params[:query][:visibility]) || Query::VISIBILITY_PRIVATE
@query.role_ids = params[:query] && params[:query][:role_ids]
else
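Review bot: The condition on the `+` line now relies on `User.current.allowed_to?(:manage_public_queries, @query.project)` evaluating to false when `@query.project` is nil, and that is the only thing keeping a non-admin from setting `visibility` and `role_ids` on a global query; nothing in the hunk says so. I would put a comment above the `if`, for example `# No :global => true here: a query without a project is global, and only admins may make it public or assign roles.`, so the global fallback is not reintroduced later. A functional test that submits `query[visibility]` as a non-admin who holds the permission in some project, with no project on the query, and asserts the saved query stays private would pin the behaviour; such a test may exist in a part of the patch not shown here. The enclosing method begins and ends outside the hunk, so the `else` branch is assumed, not verified, to force private visibility.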
diff --git a/app/views/queries/_form.html.erb b/app/views/queries/_form.html.erb
index 071496f52..7227a6c5f 100644
--- a/app/views/queries/_form.html.erb
+++ b/app/views/queries/_form.html.erb
@@ -8,8 +8,7 @@
<%= text_field 'query', 'name', :size => 80 %>