Check permission before retrieving projects.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@8532 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2012-01-07 12:39:26 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2012-01-07 12:39:26 +0000
commit: 6539d04622fb66f1fd895cdf2a5200eec861d43c (patch)
tree: 14bcfa22cb9adee904608b6ee763ba3f20e53005 /app/models/issue.rb
parent: 81cf6b23439705231e1b3655709b3d3cae43a9cd (diff)
download: redmine-6539d04622fb66f1fd895cdf2a5200eec861d43c.tar.gz
redmine-6539d04622fb66f1fd895cdf2a5200eec861d43c.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 16707f8ad..c9892c6f1 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -246,8 +246,10 @@ class Issue < ActiveRecord::Base
 
   safe_attributes 'project_id',
     :if => lambda {|issue, user|
-      projects = Issue.allowed_target_projects_on_move(user)
-      projects.include?(issue.project) && projects.size > 1
+      if user.allowed_to?(:move_issues, issue.project)
+        projects = Issue.allowed_target_projects_on_move(user)
+        projects.include?(issue.project) && projects.size > 1
+      end
     }
 
   safe_attributes 'tracker_id',
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2012-01-07 12:39:26 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2012-01-07 12:39:26 +0000
commit	6539d04622fb66f1fd895cdf2a5200eec861d43c (patch)
tree	14bcfa22cb9adee904608b6ee763ba3f20e53005 /app/models/issue.rb
parent	81cf6b23439705231e1b3655709b3d3cae43a9cd (diff)
download	redmine-6539d04622fb66f1fd895cdf2a5200eec861d43c.tar.gz redmine-6539d04622fb66f1fd895cdf2a5200eec861d43c.zip