No need to query changesets if user is not allowed to view them.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5445 e93f8b46-1217-0410-a6f0-8f06a7374b81

1 files changed, 7 insertions, 3 deletions

diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 4acd728ba..18484bef3 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -105,9 +105,13 @@ class IssuesController < ApplicationController
   def show
     @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
     @journals.each_with_index {|j,i| j.indice = i+1}
-    @journals.reverse! if User.current.wants_comments_in_reverse_order?
-    @changesets = @issue.changesets.visible.all
-    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+    @journals.reverse! if User.current.wants_comments_in_reverse_order
+    
+    if User.current.allowed_to?(:view_changesets, @project)
+      @changesets = @issue.changesets.visible.all
+      @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+    end
+    
     @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
     @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
     @edit_allowed = User.current.allowed_to?(:edit_issues, @project)