summaryrefslogtreecommitdiffstats
path: root/app/controllers/issues_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/issues_controller.rb')
-rw-r--r--app/controllers/issues_controller.rb8
1 files changed, 7 insertions, 1 deletions
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index fdce296c4..4acd728ba 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -1,5 +1,5 @@
# Redmine - project management software
-# Copyright (C) 2006-2008 Jean-Philippe Lang
+# Copyright (C) 2006-2011 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -251,7 +251,13 @@ class IssuesController < ApplicationController
private
def find_issue
+ # Issue.visible.find(...) can not be used to redirect user to the login form
+ # if the issue actually exists but requires authentication
@issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
+ unless @issue.visible?
+ deny_access
+ return
+ end
@project = @issue.project
rescue ActiveRecord::RecordNotFound
render_404
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-06 22:52:49 +0000