From 805aef85de116d79e6fa36e3db5d74591df61b52 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sat, 30 Mar 2019 06:13:08 +0000
Subject: "View differences" buttons are shown in the repository page even
 without "Browse repository" permission (#30731).

Patch by Go MAEDA.

git-svn-id: http://svn.redmine.org/redmine/trunk@18013 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/views/repositories/_revisions.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/views/repositories')

diff --git a/app/views/repositories/_revisions.html.erb b/app/views/repositories/_revisions.html.erb
index 914999b34..514380791 100644
--- a/app/views/repositories/_revisions.html.erb
+++ b/app/views/repositories/_revisions.html.erb
@@ -20,7 +20,7 @@ end %>
        :repository_id => @repository.identifier_param, :path => to_path_param(path)},
       :method => :get
      ) do %>
-<% show_diff = revisions.size > 1 %>
+<% show_diff = revisions.size > 1 && User.current.allowed_to?(:browse_repository, @repository.project) %>
 <%= submit_tag(l(:label_view_diff), :name => nil) if show_diff %>
 <table class="list changesets">
 <thead><tr>
-- 
cgit v1.2.3