summaryrefslogtreecommitdiffstats
path: root/app/controllers/issues_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/issues_controller.rb')
-rw-r--r--app/controllers/issues_controller.rb9
1 files changed, 9 insertions, 0 deletions
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 37825c995..67956667a 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -211,6 +211,10 @@ class IssuesController < ApplicationController
unless User.current.allowed_to?(:copy_issues, @projects)
raise ::Unauthorized
end
+ else
+ unless @issues.all?(&:attributes_editable?)
+ raise ::Unauthorized
+ end
end
@allowed_projects = Issue.allowed_target_projects
@@ -263,6 +267,10 @@ class IssuesController < ApplicationController
unless User.current.allowed_to?(:add_issues, target_projects)
raise ::Unauthorized
end
+ else
+ unless @issues.all?(&:attributes_editable?)
+ raise ::Unauthorized
+ end
end
unsaved_issues = []
@@ -316,6 +324,7 @@ class IssuesController < ApplicationController
end
def destroy
+ raise Unauthorized unless @issues.all?(&:deletable?)
@hours = TimeEntry.where(:issue_id => @issues.map(&:id)).sum(:hours).to_f
if @hours > 0
case params[:todo]
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 00:45:52 +0000