Index: app/models/query.rb
===================================================================
--- app/models/query.rb	(révision 2761)
+++ app/models/query.rb	(copie de travail)
@@ -334,7 +334,6 @@
     elsif project
       project_clauses << "#{Project.table_name}.id = %d" % project.id
     end
-    project_clauses <<  Project.allowed_to_condition(User.current, :view_issues)
     project_clauses.join(' AND ')
   end
 
@@ -375,6 +374,16 @@
       
     end if filters and valid?
     
+    permissions = '('
+    permissions << Project.allowed_to_condition(User.current, :view_issues)
+    permissions << ' OR ('
+    permissions << Project.allowed_to_condition(User.current, :view_own_issues)
+    permissions << ' AND '
+    permissions << "#{Issue.table_name}.author_id = #{User.current.id.to_s}"
+    permissions << '))'
+
+    filters_clauses << permissions
+
     (filters_clauses << project_statement).join(' AND ')
   end
   
Index: app/controllers/issues_controller.rb
===================================================================
--- app/controllers/issues_controller.rb	(révision 2761)
+++ app/controllers/issues_controller.rb	(copie de travail)
@@ -106,19 +106,23 @@
   end
   
   def show
-    @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
-    @journals.each_with_index {|j,i| j.indice = i+1}
-    @journals.reverse! if User.current.wants_comments_in_reverse_order?
-    @changesets = @issue.changesets
-    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
-    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
-    @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
-    @priorities = Enumeration.priorities
-    @time_entry = TimeEntry.new
-    respond_to do |format|
-      format.html { render :template => 'issues/show.rhtml' }
-      format.atom { render :action => 'changes', :layout => false, :content_type => 'application/atom+xml' }
-      format.pdf  { send_data(issue_to_pdf(@issue), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
+    if User.current.allowed_to?(:view_issues, @project) or (User.current.allowed_to?(:view_own_issues, @project) and User.current == @issue.author)
+      @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
+      @journals.each_with_index {|j,i| j.indice = i+1}
+      @journals.reverse! if User.current.wants_comments_in_reverse_order?
+      @changesets = @issue.changesets
+      @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+      @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+      @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
+      @priorities = Enumeration.priorities
+      @time_entry = TimeEntry.new
+      respond_to do |format|
+        format.html { render :template => 'issues/show.rhtml' }
+        format.atom { render :action => 'changes', :layout => false, :content_type => 'application/atom+xml' }
+        format.pdf  { send_data(issue_to_pdf(@issue), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
+      end
+    else
+      render_403
     end
   end
 
Index: app/views/issues/_sidebar.rhtml
===================================================================
--- app/views/issues/_sidebar.rhtml	(révision 2761)
+++ app/views/issues/_sidebar.rhtml	(copie de travail)
@@ -1,6 +1,8 @@
 <h3><%= l(:label_issue_plural) %></h3>
+<% if User.current.allowed_to?(:view_issues, @project) or User.current.allowed_to?(:view_own_issues, @project) %>
 <%= link_to l(:label_issue_view_all), { :controller => 'issues', :action => 'index', :project_id => @project, :set_filter => 1 } %><br />
-<% if @project %>
+<% end %>
+<% if @project and User.current.allowed_to?(:view_issues, @project) %>
 <%= link_to l(:field_summary), :controller => 'reports', :action => 'issue_report', :id => @project %><br />
 <%= link_to l(:label_change_log), :controller => 'projects', :action => 'changelog', :id => @project %><br />
 <% end %>
Index: lib/redmine.rb
===================================================================
--- lib/redmine.rb	(révision 2761)
+++ lib/redmine.rb	(copie de travail)
@@ -34,7 +34,8 @@
                                   :issues => [:index, :changes, :show, :context_menu],
                                   :versions => [:show, :status_by],
                                   :queries => :index,
-                                  :reports => :issue_report}, :public => true                    
+                                  :reports => :issue_report}                    
+    map.permission :view_own_issues, {:issues => [:index, :changes, :show], :queries => :index}
     map.permission :add_issues, {:issues => :new}
     map.permission :edit_issues, {:issues => [:edit, :reply, :bulk_edit]}
     map.permission :manage_issue_relations, {:issue_relations => [:new, :destroy]}