From f31a1e2bbbb74ed3e184c5b280900298d25d58ab Mon Sep 17 00:00:00 2001
From: Marius Balteanu <marius.balteanu@zitec.com>
Date: Thu, 5 Aug 2021 23:50:11 +0000
Subject: Fixed attachments deletable by user without edit issue permission on
 tracker (#35634).

git-svn-id: http://svn.redmine.org/redmine/trunk@21142 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/issue.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'app')

diff --git a/app/models/issue.rb b/app/models/issue.rb
index 09f8400cc..7ce04ad64 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -209,6 +209,11 @@ class Issue < ActiveRecord::Base
     user_tracker_permission?(user, :delete_issues)
   end
 
+  # Overrides Redmine::Acts::Attachable::InstanceMethods#attachments_deletable?
+  def attachments_deletable?(user=User.current)
+    attributes_editable?(user)
+  end
+
   def initialize(attributes=nil, *args)
     super
     if new_record?
-- 
cgit v1.2.3