Fixed: private queries should not be accessible to other users (#8729).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6163 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2011-07-03 11:01:08 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2011-07-03 11:01:08 +0000
commit: 8914d323ee14c660c169ef143800343f87af33da (patch)
tree: 44ed9cc964f4b7888a84d7124fcf6d143f2db357 /app/models
parent: aede35d2268dbe25258344ffacf35487cc6e2ae7 (diff)
download: redmine-8914d323ee14c660c169ef143800343f87af33da.tar.gz
redmine-8914d323ee14c660c169ef143800343f87af33da.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/app/models/query.rb b/app/models/query.rb
index 678fca9d9..786751c8c 100644
--- a/app/models/query.rb
+++ b/app/models/query.rb
@@ -165,6 +165,11 @@ class Query < ActiveRecord::Base
           ["o", "c", "!*", "*", "t", "w"].include? operator_for(field)
     end if filters
   end
+  
+  # Returns true if the query is visible to +user+ or the current user.
+  def visible?(user=User.current)
+    self.is_public? || self.user_id == user.id
+  end
 
   def editable_by?(user)
     return false unless user
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2011-07-03 11:01:08 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2011-07-03 11:01:08 +0000
commit	8914d323ee14c660c169ef143800343f87af33da (patch)
tree	44ed9cc964f4b7888a84d7124fcf6d143f2db357 /app/models
parent	aede35d2268dbe25258344ffacf35487cc6e2ae7 (diff)
download	redmine-8914d323ee14c660c169ef143800343f87af33da.tar.gz redmine-8914d323ee14c660c169ef143800343f87af33da.zip