Index: application_helper.rb =================================================================== --- application_helper.rb (revision 2761) +++ application_helper.rb (working copy) @@ -441,8 +441,9 @@ link = nil if esc.nil? if prefix.nil? && sep == 'r' - if project && (changeset = project.changesets.find_by_revision(oid)) + if project && (changeset = project.changesets.find_by_revision(oid)) && User.current.allowed_to?(:view_changesets, project) link = link_to("r#{oid}", {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => oid}, + :condition => Project.visible_by(User.current), :class => 'changeset', :title => truncate_single_line(changeset.comments, :length => 100)) end @@ -451,10 +452,12 @@ case prefix when nil if issue = Issue.find_by_id(oid, :include => [:project, :status], :conditions => Project.visible_by(User.current)) - link = link_to("##{oid}", {:only_path => only_path, :controller => 'issues', :action => 'show', :id => oid}, - :class => (issue.closed? ? 'issue closed' : 'issue'), - :title => "#{truncate(issue.subject, :length => 100)} (#{issue.status.name})") - link = content_tag('del', link) if issue.closed? + if User.current.allowed_to?(:view_issues, issue.project) or (User.current.allowed_to?(:view_own_issues, issue.project) and User.current == issue.author) + link = link_to("##{oid}", {:only_path => only_path, :controller => 'issues', :action => 'show', :id => oid}, + :class => (issue.closed? ? 'issue closed' : 'issue'), + :title => "#{truncate(issue.subject, :length => 100)} (#{issue.status.name})") + link = content_tag('del', link) if issue.closed? + end end when 'document' if document = Document.find_by_id(oid, :include => [:project], :conditions => Project.visible_by(User.current))