Fixed: issue details view discloses relations to issues that the user is not allowed to view (#2589).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2343 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2009-01-31 13:22:29 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2009-01-31 13:22:29 +0000
commit: f021c856c19ab4a30a77de6a39239ee437712fa5 (patch)
tree: 12e0345c3f77f5d93e256bc2ad404f76c3a3f4fd /app/models/issue.rb
parent: 2679150ed45b6be974534f410e61416576ca0bd3 (diff)
download: redmine-f021c856c19ab4a30a77de6a39239ee437712fa5.tar.gz
redmine-f021c856c19ab4a30a77de6a39239ee437712fa5.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb
index d333fe3cc..cbd262800 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -54,6 +54,11 @@ class Issue < ActiveRecord::Base
   named_scope :visible, lambda {|*args| { :include => :project,
                                           :conditions => Project.allowed_to_condition(args.first || User.current, :view_issues) } }
   
+  # Returns true if usr or current user is allowed to view the issue
+  def visible?(usr=nil)
+    (usr || User.current).allowed_to?(:view_issues, self.project)
+  end
+  
   def after_initialize
     if new_record?
       # set default values for new records only
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2009-01-31 13:22:29 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2009-01-31 13:22:29 +0000
commit	f021c856c19ab4a30a77de6a39239ee437712fa5 (patch)
tree	12e0345c3f77f5d93e256bc2ad404f76c3a3f4fd /app/models/issue.rb
parent	2679150ed45b6be974534f410e61416576ca0bd3 (diff)
download	redmine-f021c856c19ab4a30a77de6a39239ee437712fa5.tar.gz redmine-f021c856c19ab4a30a77de6a39239ee437712fa5.zip