Code cleanup.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@8198 e93f8b46-1217-0410-a6f0-8f06a7374b81

1 files changed, 6 insertions, 7 deletions

diff --git a/app/models/issue.rb b/app/models/issue.rb
index 1723d1c08..5ccd40ee9 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -260,7 +260,6 @@ class Issue < ActiveRecord::Base
 
   safe_attributes 'tracker_id',
     'status_id',
-    'parent_issue_id',
     'category_id',
     'assigned_to_id',
     'priority_id',
@@ -291,6 +290,10 @@ class Issue < ActiveRecord::Base
         (issue.author == user && user.allowed_to?(:set_own_issues_private, issue.project))
     }
 
+  safe_attributes 'parent_issue_id',
+    :if => lambda {|issue, user| (issue.new_record? || user.allowed_to?(:edit_issues, issue.project)) &&
+      user.allowed_to?(:manage_subtasks, issue.project)}
+
   # Safely sets attributes
   # Should be called from controllers instead of #attributes=
   # attr_accessible is too rough because we still want things like
@@ -318,12 +321,8 @@ class Issue < ActiveRecord::Base
       attrs.reject! {|k,v| %w(priority_id done_ratio start_date due_date estimated_hours).include?(k)}
     end
 
-    if attrs.has_key?('parent_issue_id')
-      if !user.allowed_to?(:manage_subtasks, project)
-        attrs.delete('parent_issue_id')
-      elsif !attrs['parent_issue_id'].blank?
-        attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id'].to_i)
-      end
+    if attrs['parent_issue_id'].present?
+      attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id'].to_i)
     end
 
     # mass-assignment security bypass