Diffstat (limited to 'app/controllers/journals_controller.rb')
-rw-r--r-- | app/controllers/journals_controller.rb | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/app/controllers/journals_controller.rb b/app/controllers/journals_controller.rb
index fd75d752a..bae6ca2bc 100644
--- a/app/controllers/journals_controller.rb
+++ b/app/controllers/journals_controller.rb
@@ -49,9 +49,17 @@ class JournalsController < ApplicationController
 if params[:detail_id].present?
 @detail = @journal.details.find_by_id(params[:detail_id])
 else
- @detail = @journal.details.detect {|d| d.prop_key == 'description'}
+ @detail = @journal.details.detect {|d| d.property == 'attr' && d.prop_key == 'description'}
+ end
+ unless @issue && @detail
+ render_404
+ return false
+ end
+ if @detail.property == 'cf'
+ unless @detail.custom_field && @detail.custom_field.visible_by?(@issue.project, User.current)
+ raise ::Unauthorized
+ end
 end
- (render_404; return false) unless @issue && @detail
 @diff = Redmine::Helpers::Diff.new(@detail.value, @detail.old_value)
 end |
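Review bot: The new custom-field guard answers a detail whose field is hidden from the user with `raise ::Unauthorized`, while a missing detail gets `render_404`, so the two responses can reveal that a change to a non-visible custom field exists on the journal. Unless that distinction is intended, the inner branch could reuse the not-found path, i.e. `render_404` followed by `return false`; how `::Unauthorized` is rendered is decided outside this hunk, so the actual difference seen by the client should be confirmed. Separately, the `params[:detail_id]` branch still accepts a detail of any `property` and only `'cf'` is gated afterwards, so a short comment above the `if @detail.property == 'cf'` line such as `# custom-field details are the only ones with per-field visibility; other detail types rely on the journal/issue visibility check` would record that assumption, if it holds. The enclosing action starts above the hunk, so the filters that load `@journal` and check its visibility are not visible here.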