From 7cdb4f2a874190e56d88d213999cbee515b7e868 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Tue, 12 Apr 2011 19:45:47 +0000
Subject: No need to query changesets if user is not allowed to view them.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5445 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/issues_controller.rb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'app/controllers/issues_controller.rb')

diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 4acd728ba..18484bef3 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -105,9 +105,13 @@ class IssuesController < ApplicationController
   def show
     @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
     @journals.each_with_index {|j,i| j.indice = i+1}
-    @journals.reverse! if User.current.wants_comments_in_reverse_order?
-    @changesets = @issue.changesets.visible.all
-    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+    @journals.reverse! if User.current.wants_comments_in_reverse_order
+    
+    if User.current.allowed_to?(:view_changesets, @project)
+      @changesets = @issue.changesets.visible.all
+      @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+    end
+    
     @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
     @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
     @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
-- 
cgit v1.2.3