authorJean-Philippe Lang <jp_lang@yahoo.fr>2015-02-08 10:20:53 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2015-02-08 10:20:53 +0000
commit01f673be08be68247b72a8954379b3f0c7a9a9d3 (patch)
tree866383ef7f9e0e2b9fe73aee4f6dea417602d692 /app/models
parent92cdae49199e6e8cc26408d0bbeea1466e7189c6 (diff)
Removed :move_issues permission (#18855).
This permission was wrongly used to allow bulk issue copy. To prevent a user from moving an issue to another project, the project field should now be set to read-only in the workflow permissions. A migration does this automatically for roles that have the edit_issues permission without having the move_issues permission.

git-svn-id: http://svn.redmine.org/redmine/trunk@13981 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/models')
-rw-r--r--app/models/issue.rb22
1 files changed, 12 insertions, 10 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb
index aca31291d..5ea344a4f 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -378,8 +378,8 @@ class Issue < ActiveRecord::Base
:if => lambda {|issue, user|
if issue.new_record?
issue.copy?
- elsif user.allowed_to?(:move_issues, issue.project)
- Issue.allowed_target_projects_on_move.count > 1
+ else
+ user.allowed_to?(:edit_issues, issue.project)
end
}
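Review bot: The new `else` branch gates `project_id` only on `:edit_issues` in the issue's current project, so nothing in this lambda checks the project that is being assigned. That is safe only if the assignment path still verifies the submitted id against `allowed_target_projects(user)`, which is not visible in this hunk. I would add a comment above the branch, for example `# target project is checked against allowed_target_projects when project_id is assigned`, and cover it with a test that a user holding `:edit_issues` here but no `:add_issues` in the target cannot move the issue there. The enclosing declaration starts outside the hunk.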
@@ -1282,16 +1282,18 @@ class Issue < ActiveRecord::Base
# Returns a scope of projects that user can assign the issue to
def allowed_target_projects(user=User.current)
- if new_record?
- Project.where(Project.allowed_to_condition(user, :add_issues))
- else
- self.class.allowed_target_projects_on_move(user)
- end
+ current_project = new_record? ? nil : project
+ self.class.allowed_target_projects(user, current_project)
end
- # Returns a scope of projects that user can move issues to
- def self.allowed_target_projects_on_move(user=User.current)
- Project.where(Project.allowed_to_condition(user, :move_issues))
+ # Returns a scope of projects that user can assign issues to
+ # If current_project is given, it will be included in the scope
+ def self.allowed_target_projects(user=User.current, current_project=nil)
+ condition = Project.allowed_to_condition(user, :add_issues)
+ if current_project
+ condition = ["(#{condition}) OR #{Project.table_name}.id = ?", current_project.id]
+ end
+ Project.where(condition)
end
private
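Review bot: `self.allowed_target_projects` adds `current_project` to the scope with no permission or status check, so a caller that passes any project other than the one the issue already belongs to widens what is effectively an authorization filter. The method comment should state that contract, for example `# current_project must be the issue's existing project; it is included without any permission check`. The `#{condition}` interpolation is acceptable only while `Project.allowed_to_condition` returns a server-built SQL fragment (the id itself is bound with `?`), and that assumption is worth recording in the same comment. The removed `allowed_target_projects_on_move` is left without an alias, so any caller outside this file would presumably fail with NoMethodError.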