diff options
author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2013-01-04 08:21:33 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2013-01-04 08:21:33 +0000 |
commit | 9c698157f44819d224a9be5c13d8b517690e4bed (patch) | |
tree | a07f2a8e8ce488872919a2391595eb0336732edd | |
parent | 3bf6f8d7ff2618baf56ce541f0e0d27758a24df0 (diff) | |
download | redmine-9c698157f44819d224a9be5c13d8b517690e4bed.tar.gz redmine-9c698157f44819d224a9be5c13d8b517690e4bed.zip |
Check permissions before the extra condition for displaying a menu item (#12721).
Patch by Daniel Ritz.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11112 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | lib/redmine/menu_manager.rb | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/lib/redmine/menu_manager.rb b/lib/redmine/menu_manager.rb index 1bb991178..94b92c6b7 100644 --- a/lib/redmine/menu_manager.rb +++ b/lib/redmine/menu_manager.rb @@ -190,20 +190,17 @@ module Redmine # Checks if a user is allowed to access the menu item by: # - # * Checking the conditions of the item # * Checking the url target (project only) + # * Checking the conditions of the item def allowed_node?(node, user, project) + if project && user && !user.allowed_to?(node.url, project) + return false + end if node.condition && !node.condition.call(project) # Condition that doesn't pass return false end - - if project - return user && user.allowed_to?(node.url, project) - else - # outside a project, all menu items allowed - return true - end + return true end end |