author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-02-08 10:20:53 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-02-08 10:20:53 +0000 |
commit | 01f673be08be68247b72a8954379b3f0c7a9a9d3 (patch) | |
tree | 866383ef7f9e0e2b9fe73aee4f6dea417602d692 /app/controllers | |
parent | 92cdae49199e6e8cc26408d0bbeea1466e7189c6 (diff) | |
Removed :move_issues permission (#18855).
This permission was wrongly used to allow bulk issue copy. To prevent a user from moving an issue to another project, the project field should now be set to read-only in the workflow permissions. A migration does this automatically for roles that have the edit_issues permission without having the move_issues permission.
git-svn-id: http://svn.redmine.org/redmine/trunk@13981 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/context_menus_controller.rb | 3 | ||||
-rw-r--r-- | app/controllers/issues_controller.rb | 12 |
2 files changed, 6 insertions, 9 deletions
diff --git a/app/controllers/context_menus_controller.rb b/app/controllers/context_menus_controller.rb
index 3c4d46852..99b320d5c 100644
--- a/app/controllers/context_menus_controller.rb
+++ b/app/controllers/context_menus_controller.rb
@@ -31,8 +31,7 @@ class ContextMenusController < ApplicationController
 @can = {:edit => User.current.allowed_to?(:edit_issues, @projects),
 :log_time => (@project && User.current.allowed_to?(:log_time, @project)),
- :move => (@project && User.current.allowed_to?(:move_issues, @project)),
- :copy => (@issue && @project.trackers.include?(@issue.tracker) && User.current.allowed_to?(:add_issues, @project)),
+ :copy => User.current.allowed_to?(:add_issues, @projects),
 :delete => User.current.allowed_to?(:delete_issues, @projects)
 }
 if @project
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index d1cac203e..de7155481 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -219,13 +219,11 @@ class IssuesController < ApplicationController
 @copy = params[:copy].present?
 @notes = params[:notes]
- if User.current.allowed_to?(:move_issues, @projects)
- @allowed_projects = Issue.allowed_target_projects_on_move
- if params[:issue]
- @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:issue][:project_id].to_s}
- if @target_project
- target_projects = [@target_project]
- end
+ @allowed_projects = Issue.allowed_target_projects
+ if params[:issue]
+ @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:issue][:project_id].to_s}
+ if @target_project
+ target_projects = [@target_project]
 end
 end
 target_projects ||= @projects |
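Review bot: The new `:copy` entry tests `add_issues` on the source `@projects` and drops the earlier check that the issue's tracker is enabled in the project, so the menu may now offer a copy that the project receiving it would not accept. `@can` looks like a set of display flags only, and nothing in this hunk enforces anything, so the copy action still has to re-check `add_issues` and the tracker against the target project when the issue is saved; that code is outside this diff. Once that is confirmed I would add a comment above the hash, `# Display hints only; each action re-checks permissions server-side.`. The enclosing method starts and ends outside the hunk.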
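Review bot: With the `allowed_to?(:move_issues, @projects)` guard gone in the issues_controller.rb hunk, `params[:issue][:project_id]` is honoured for every user who reaches this action, so the restriction on cross-project moves now rests on `Issue.allowed_target_projects` and on the workflow read-only rule for the project field, neither of which is visible here. `allowed_target_projects` is called without arguments; it presumably scopes to `User.current`, which is worth confirming because it is the only filter left on the target project in this code path. A functional test that submits a `project_id` for a role whose project field is read-only would pin the new behaviour, and I would add `# Moves are restricted by the workflow read-only project field, not by a permission check here.` above the `@allowed_projects` assignment. The enclosing action starts and ends outside the hunk.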