diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-05-14 18:01:13 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-05-14 18:01:13 +0000 |
| commit | 7ee38a95a0052ddc544137f32fcf9114e5ffabb9 (patch) | |
| tree | 363d189e6aca2fd389c8f58ff58ed96e35fdcd6a /app | |
| parent | 06e44b8e643797c8d5a11478ef6605f49c7220e0 (diff) | |
| download | redmine-7ee38a95a0052ddc544137f32fcf9114e5ffabb9.tar.gz redmine-7ee38a95a0052ddc544137f32fcf9114e5ffabb9.zip | |
Fixed: Calendar and Gantt show private subprojects even if current user is not a member of them (#1217).
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1431 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
| -rw-r--r-- | app/models/project.rb | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/app/models/project.rb b/app/models/project.rb index 964469649..8c32c8562 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -73,9 +73,9 @@ class Project < ActiveRecord::Base def issues_with_subprojects(include_subprojects=false) conditions = nil - if include_subprojects && !active_children.empty? - ids = [id] + active_children.collect {|c| c.id} - conditions = ["#{Project.table_name}.id IN (#{ids.join(',')})"] + if include_subprojects + ids = [id] + child_ids + conditions = ["#{Project.table_name}.id IN (#{ids.join(',')}) AND #{Project.visible_by}"] end conditions ||= ["#{Project.table_name}.id = ?", id] # Quick and dirty fix for Rails 2 compatibility @@ -93,6 +93,7 @@ class Project < ActiveRecord::Base end def self.visible_by(user=nil) + user ||= User.current if user && user.admin? return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}" elsif user && user.memberships.any? |