Adds updated_by and last_updated_by filters on issues (#17720).

git-svn-id: http://svn.redmine.org/redmine/trunk@16228 e93f8b46-1217-0410-a6f0-8f06a7374b81

1 files changed, 10 insertions, 3 deletions

diff --git a/app/models/journal.rb b/app/models/journal.rb
index 447cbe4b5..7d1a6eb34 100644
--- a/app/models/journal.rb
+++ b/app/models/journal.rb
@@ -47,10 +47,11 @@ class Journal < ActiveRecord::Base
 
   scope :visible, lambda {|*args|
     user = args.shift || User.current
-    private_notes_condition = Project.allowed_to_condition(user, :view_private_notes, *args)
+    options = args.shift || {}
+
     joins(:issue => :project).
-      where(Issue.visible_condition(user, *args)).
-      where("(#{Journal.table_name}.private_notes = ? OR #{Journal.table_name}.user_id = ? OR (#{private_notes_condition}))", false, user.id)
+      where(Issue.visible_condition(user, options)).
+      where(Journal.visible_notes_condition(user, :skip_pre_condition => true))
   }
 
   safe_attributes 'notes',
@@ -58,6 +59,12 @@ class Journal < ActiveRecord::Base
   safe_attributes 'private_notes',
     :if => lambda {|journal, user| user.allowed_to?(:set_notes_private, journal.project)}
 
+  # Returns a SQL condition to filter out journals with notes that are not visible to user
+  def self.visible_notes_condition(user=User.current, options={})
+    private_notes_permission = Project.allowed_to_condition(user, :view_private_notes, options)
+    sanitize_sql_for_conditions(["(#{table_name}.private_notes = ? OR #{table_name}.user_id = ? OR (#{private_notes_permission}))", false, user.id])
+  end
+
   def initialize(*args)
     super
     if journalized