diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-11-29 19:37:20 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-11-29 19:37:20 +0000 |
| commit | cd75ba33e9eddce1b27e1f872b4271d8a8847ef0 (patch) | |
| tree | ba15bccabd0a8bdcd97fc0b4ec6a079579cec49e /app/helpers | |
| parent | 96a854a4b31c1b8f2a70a40fbe20856818023d9d (diff) | |
| download | redmine-cd75ba33e9eddce1b27e1f872b4271d8a8847ef0.tar.gz redmine-cd75ba33e9eddce1b27e1f872b4271d8a8847ef0.zip | |
Adds visibility checks on version views (#27676).
Previously not all data on the roadmap and version view where properly
checked against the issue visibility setting. Unprivileged users were
able to see the total number of issues, their estimations and the
open/close status - even if the user was only allowed to see their own issues.
Patch by Gregor Schmidt.
git-svn-id: http://svn.redmine.org/redmine/trunk@17051 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/helpers')
| -rw-r--r-- | app/helpers/versions_helper.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/helpers/versions_helper.rb b/app/helpers/versions_helper.rb index fe1fb8815..9d088a9d9 100644 --- a/app/helpers/versions_helper.rb +++ b/app/helpers/versions_helper.rb @@ -57,9 +57,9 @@ module VersionsHelper h = Hash.new {|k,v| k[v] = [0, 0]} begin # Total issue count - version.fixed_issues.group(criteria).count.each {|c,s| h[c][0] = s} + version.fixed_issues.visible.group(criteria).count.each {|c,s| h[c][0] = s} # Open issues count - version.fixed_issues.open.group(criteria).count.each {|c,s| h[c][1] = s} + version.fixed_issues.visible.open.group(criteria).count.each {|c,s| h[c][1] = s} rescue ActiveRecord::RecordNotFound # When grouping by an association, Rails throws this exception if there's no result (bug) end |