Diffstat (limited to 'app/controllers/issues_controller.rb')
-rw-r--r-- | app/controllers/issues_controller.rb | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 0254a6d83..916229cbc 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -20,9 +20,9 @@ class IssuesController < ApplicationController
 before_filter :find_issue, :only => [:show, :edit, :reply, :destroy_attachment]
 before_filter :find_issues, :only => [:bulk_edit, :move, :destroy]
- before_filter :find_project, :only => [:new, :update_form, :preview, :gantt, :calendar]
- before_filter :authorize, :except => [:index, :changes, :preview, :update_form, :context_menu]
- before_filter :find_optional_project, :only => [:index, :changes]
+ before_filter :find_project, :only => [:new, :update_form, :preview]
+ before_filter :authorize, :except => [:index, :changes, :gantt, :calendar, :preview, :update_form, :context_menu]
+ before_filter :find_optional_project, :only => [:index, :changes, :gantt, :calendar]
 accept_key_auth :index, :changes
 helper :journals
@@ -352,7 +352,7 @@ class IssuesController < ApplicationController
 respond_to do |format|
 format.html { render :template => "issues/gantt.rhtml", :layout => !request.xhr? }
 format.png { send_data(@gantt.to_image, :disposition => 'inline', :type => 'image/png', :filename => "#{@project.identifier}-gantt.png") } if @gantt.respond_to?('to_image')
- format.pdf { send_data(render(:template => "issues/gantt.rfpdf", :layout => false), :type => 'application/pdf', :filename => "#{@project.identifier}-gantt.pdf") }
+ format.pdf { send_data(render(:template => "issues/gantt.rfpdf", :layout => false), :type => 'application/pdf', :filename => "#{@project.nil? ? '' : "#{@project.identifier}-" }gantt.pdf") }
 end
 end
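Review bot: The `:except` list on `before_filter :authorize` is an exemption list, and nothing at the filter declarations records what now guards `:gantt` and `:calendar`. After this change their only access check is the one made inside `find_optional_project`, so a later edit to that filter's `:only` list would leave both actions with no permission check at all. A comment above the three filters would make the dependency explicit, for example `# gantt/calendar skip :authorize; find_optional_project performs the permission check (project may be nil)`. The class body continues outside the hunk.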
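Review bot: The `format.png` line directly above the changed `format.pdf` line still interpolates `@project.identifier`, so a cross-project request (blank `project_id`, `@project` nil) for the PNG would raise NoMethodError where the PDF now works. Computing the prefix once keeps the two formats in step and removes the nested interpolation: `prefix = @project ? "#{@project.identifier}-" : ''`, then `:filename => "#{prefix}gantt.png"` and `:filename => "#{prefix}gantt.pdf"`. The `gantt` action starts and ends outside the hunk, so whether other lines in it dereference `@project` cannot be seen from here.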
@@ -453,9 +453,9 @@ private
 end
 def find_optional_project
- return true unless params[:project_id]
- @project = Project.find(params[:project_id])
- authorize
+ @project = Project.find(params[:project_id]) unless params[:project_id].blank?
+ allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true)
+ allowed ? true : deny_access
 rescue ActiveRecord::RecordNotFound
 render_404
 end |
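Review bot: With a blank `project_id` the `allowed_to?` call in `find_optional_project` receives a nil `@project` together with `:global => true`, which presumably passes for any user who holds the permission in at least one project. The filter then says nothing about which projects' issues may be shown. The actions behind this filter (`index`, `changes`, `gantt`, `calendar`, whose bodies are outside the hunk) have to restrict their own queries to projects visible to `User.current`, and that is worth confirming before merge. A comment in the method would record the contract, for example `# @project stays nil for cross-project requests; the check is then global and the action must scope its own query`.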