author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-09-20 19:26:58 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-09-20 19:26:58 +0000 |
commit | 5328c4adcb6c34978652b5245b0de0b98903a6d1 (patch) | |
tree | 3c1cee447f5b2c34afc6aecb51980fad40ce258c /app/models/issue.rb | |
parent | 30b3e796ffe5ea5beb6fbf03d3f000e8968f89bb (diff) | |
Anonymous users should always see public issues only (#11872).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@10437 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/models/issue.rb')
-rw-r--r-- | app/models/issue.rb | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 5b1cfadb8..86371d5f7 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -84,25 +84,21 @@ class Issue < ActiveRecord::Base
 # Returns a SQL conditions string used to find all issues visible by the specified user
 def self.visible_condition(user, options={})
 Project.allowed_to_condition(user, :view_issues, options) do |role, user|
- case role.issues_visibility
- when 'all'
- nil
- when 'default'
- if user.logged?
+ if user.logged?
+ case role.issues_visibility
+ when 'all'
+ nil
+ when 'default'
 user_ids = [user.id] + user.groups.map(&:id)
 "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
- else
- "(#{table_name}.is_private = #{connection.quoted_false})"
- end
- when 'own'
- if user.logged?
+ when 'own'
 user_ids = [user.id] + user.groups.map(&:id)
 "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
 else
 '1=0'
 end
 else
- '1=0'
+ "(#{table_name}.is_private = #{connection.quoted_false})"
 end
 end
 end
@@ -110,15 +106,19 @@ class Issue < ActiveRecord::Base
 # Returns true if usr or current user is allowed to view the issue
 def visible?(usr=nil)
 (usr || User.current).allowed_to?(:view_issues, self.project) do |role, user|
- case role.issues_visibility
- when 'all'
- true
- when 'default'
- !self.is_private? || (user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to)))
- when 'own'
- user.logged? && (self.author == user || user.is_or_belongs_to?(assigned_to))
+ if user.logged?
+ case role.issues_visibility
+ when 'all'
+ true
+ when 'default'
+ !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
+ when 'own'
+ self.author == user || user.is_or_belongs_to?(assigned_to)
+ else
+ false
+ end
 else
- false
+ !self.is_private?
 end
 end
 end
|
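Review bot: The final `else` of `visible_condition` now ignores `role.issues_visibility` for users who are not logged in, so a role set to 'own', which produced `'1=0'` before this change, now yields every non-private issue. That matches the commit title, but nothing in the code marks it as deliberate. A comment above that branch, such as `# anonymous: public issues only, whatever role.issues_visibility says`, would keep a later edit from reintroducing per-role cases there. The same applies to the `else` returning `!self.is_private?` in `visible?` in the second hunk.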
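Review bot: In the 'default' arm of `visible?`, the inner parentheses are left over from the removed `user.logged? &&` and no longer group anything; `!self.is_private? || self.author == user || user.is_or_belongs_to?(assigned_to)` reads more directly. `visible?` and `visible_condition` also state the same access policy twice, once in Ruby and once as a SQL fragment, so the two can drift apart. A test that checks both against a private issue for an anonymous user would guard this fix; the diffstat shown is limited to this file, so the commit may already include one.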