diff options
| author | Go MAEDA <maeda@farend.jp> | 2021-04-25 13:02:13 +0000 |
|---|---|---|
| committer | Go MAEDA <maeda@farend.jp> | 2021-04-25 13:02:13 +0000 |
| commit | cbd5f2ce8c2cc28a29c34c6aeea92e4f851e48f0 (patch) | |
| tree | a3bbb2251b7306db5d3de9c770293ef17d89201f /app/models/mail_handler.rb | |
| parent | d67ed93f39d692e8806f079a78dcc13eaf4d705e (diff) | |
| download | redmine-cbd5f2ce8c2cc28a29c34c6aeea92e4f851e48f0.tar.gz redmine-cbd5f2ce8c2cc28a29c34c6aeea92e4f851e48f0.zip | |
Mail handler bypasses add_issue_notes permission (#35045).
Patch by Marius BALTEANU.
git-svn-id: http://svn.redmine.org/redmine/trunk@20970 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/models/mail_handler.rb')
| -rw-r--r-- | app/models/mail_handler.rb | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/app/models/mail_handler.rb b/app/models/mail_handler.rb index 102cd8b75..fd2e25fb5 100644 --- a/app/models/mail_handler.rb +++ b/app/models/mail_handler.rb @@ -225,8 +225,7 @@ class MailHandler < ActionMailer::Base # check permission unless handler_options[:no_permission_check] - unless user.allowed_to?(:add_issue_notes, issue.project) || - user.allowed_to?(:edit_issues, issue.project) + unless issue.notes_addable? raise UnauthorizedAction, "not allowed to add notes on issues to project [#{issue.project.name}]" end end |