Defect #11872 » private-issues-fix.patch
| app/models/issue.rb | ||
|---|---|---|
| 105 | 105 |
when 'all' |
| 106 | 106 |
true |
| 107 | 107 |
when 'default' |
| 108 |
!self.is_private? || self.author == user || user.is_or_belongs_to?(assigned_to)
|
|
| 108 |
!self.is_private? || (self.author == user && user != User.anonymous) || user.is_or_belongs_to?(assigned_to)
|
|
| 109 | 109 |
when 'own' |
| 110 | 110 |
self.author == user || user.is_or_belongs_to?(assigned_to) |
| 111 | 111 |
else |
| app/models/user.rb | ||
|---|---|---|
| 464 | 464 | |
| 465 | 465 |
roles = roles_for_project(context) |
| 466 | 466 |
return false unless roles |
| 467 |
roles.detect {|role|
|
|
| 467 |
roles.any? {|role|
|
|
| 468 | 468 |
(context.is_public? || role.member?) && |
| 469 | 469 |
role.allowed_to?(action) && |
| 470 | 470 |
(block_given? ? yield(role, self) : true) |
| ... | ... | |
| 483 | 483 |
# authorize if user has at least one role that has this permission |
| 484 | 484 |
roles = memberships.collect {|m| m.roles}.flatten.uniq
|
| 485 | 485 |
roles << (self.logged? ? Role.non_member : Role.anonymous) |
| 486 |
roles.detect {|role|
|
|
| 486 |
roles.any? {|role|
|
|
| 487 | 487 |
role.allowed_to?(action) && |
| 488 | 488 |
(block_given? ? yield(role, self) : true) |
| 489 | 489 |
} |