Do not propose watchers that are not allowed to see the object (#33329).

Patch by Marius BALTEANU. git-svn-id: http://svn.redmine.org/redmine/trunk@20724 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Go MAEDA <maeda@farend.jp> 2021-01-24 05:31:18 +0000
committer: Go MAEDA <maeda@farend.jp> 2021-01-24 05:31:18 +0000
commit: 0f4228d4e6dca2b23409b8a67632c473e0426555 (patch)
tree: 46a11a5e7f3a5704c69a4fc5d92a1d380f000bc4 /app
parent: 020f56d93338d83bee4f8bf4ca45399615b356dc (diff)
download: redmine-0f4228d4e6dca2b23409b8a67632c473e0426555.tar.gz
redmine-0f4228d4e6dca2b23409b8a67632c473e0426555.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/watchers_controller.rb b/app/controllers/watchers_controller.rb
index f4e8f2287..86533c481 100644
--- a/app/controllers/watchers_controller.rb
+++ b/app/controllers/watchers_controller.rb
@@ -141,7 +141,12 @@ class WatchersController < ApplicationController
     end
     users = scope.sorted.like(params[:q]).to_a
     if @watchables && @watchables.size == 1
-      users -= @watchables.first.watcher_users
+      watchable_object = @watchables.first
+      users -= watchable_object.watcher_users
+
+      if watchable_object.respond_to?(:visible?)
+        users.reject! {|user| user.is_a?(User) && !watchable_object.visible?(user)}
+      end
     end
     users
   end
author	Go MAEDA <maeda@farend.jp>	2021-01-24 05:31:18 +0000
committer	Go MAEDA <maeda@farend.jp>	2021-01-24 05:31:18 +0000
commit	0f4228d4e6dca2b23409b8a67632c473e0426555 (patch)
tree	46a11a5e7f3a5704c69a4fc5d92a1d380f000bc4 /app
parent	020f56d93338d83bee4f8bf4ca45399615b356dc (diff)
download	redmine-0f4228d4e6dca2b23409b8a67632c473e0426555.tar.gz redmine-0f4228d4e6dca2b23409b8a67632c473e0426555.zip