Index: app/models/query.rb
===================================================================
--- app/models/query.rb (révision 2761)
+++ app/models/query.rb (copie de travail)
@@ -334,7 +334,6 @@
 elsif project
 project_clauses << "#{Project.table_name}.id = %d" % project.id
 end
- project_clauses << Project.allowed_to_condition(User.current, :view_issues)
 project_clauses.join(' AND ')
 end
@@ -375,6 +374,16 @@
 end if filters and valid?
+ permissions = '('
+ permissions << Project.allowed_to_condition(User.current, :view_issues)
+ permissions << ' OR ('
+ permissions << Project.allowed_to_condition(User.current, :view_own_issues)
+ permissions << ' AND '
+ permissions << "#{Issue.table_name}.author_id = #{User.current.id.to_s}"
+ permissions << '))'
+
+ filters_clauses << permissions
+
 (filters_clauses << project_statement).join(' AND ')
 end
Index: app/controllers/issues_controller.rb
===================================================================
--- app/controllers/issues_controller.rb (révision 2761)
+++ app/controllers/issues_controller.rb (copie de travail)
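Review bot: In app/models/query.rb the visibility filter now exists only in the second hunk's `permissions` string; the first hunk deletes `Project.allowed_to_condition(User.current, :view_issues)` from the project clauses, so any other caller that builds SQL from `project_statement` alone (none are visible here) would run without a permission filter. The ownership rule is also written twice, as SQL here and as Ruby in the `show` action of issues_controller.rb, and the two copies can drift apart. I would keep a permission clause in the project clauses or move the whole predicate into one shared helper, and document it with `# visible if :view_issues on the project, or :view_own_issues and authored by the current user`. `User.current.id` is interpolated directly; if it can be nil for a non-persisted anonymous user the clause becomes invalid SQL, whereas `permissions << "#{Issue.table_name}.author_id = %d" % User.current.id.to_i` fails closed and matches the `%d` style of the first hunk. The enclosing method starts outside the hunk.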
@@ -106,19 +106,23 @@
 end
 def show
- @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
- @journals.each_with_index {|j,i| j.indice = i+1}
- @journals.reverse! if User.current.wants_comments_in_reverse_order?
- @changesets = @issue.changesets
- @changesets.reverse! if User.current.wants_comments_in_reverse_order?
- @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
- @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
- @priorities = Enumeration.priorities
- @time_entry = TimeEntry.new
- respond_to do |format|
- format.html { render :template => 'issues/show.rhtml' }
- format.atom { render :action => 'changes', :layout => false, :content_type => 'application/atom+xml' }
- format.pdf { send_data(issue_to_pdf(@issue), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
+ if User.current.allowed_to?(:view_issues, @project) or (User.current.allowed_to?(:view_own_issues, @project) and User.current == @issue.author)
+ @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
+ @journals.each_with_index {|j,i| j.indice = i+1}
+ @journals.reverse! if User.current.wants_comments_in_reverse_order?
+ @changesets = @issue.changesets
+ @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+ @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+ @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
+ @priorities = Enumeration.priorities
+ @time_entry = TimeEntry.new
+ respond_to do |format|
+ format.html { render :template => 'issues/show.rhtml' }
+ format.atom { render :action => 'changes', :layout => false, :content_type => 'application/atom+xml' }
+ format.pdf { send_data(issue_to_pdf(@issue), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
+ end
+ else
+ render_403
 end
 end
Index: app/views/issues/_sidebar.rhtml
===================================================================
--- app/views/issues/_sidebar.rhtml (révision 2761)
+++ app/views/issues/_sidebar.rhtml (copie de travail)
@@ -1,6 +1,8 @@
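Review bot: The ownership check in app/controllers/issues_controller.rb is added only inside `show`; other actions in this controller that load a single issue are outside this hunk and unchanged here. A user holding only `:view_own_issues` may therefore be stopped by the existing authorization filter before `show` runs, or reach those other actions for issues they did not author, so this needs confirming against the permission map. On style, a guard clause avoids re-indenting the whole body, and `||`/`&&` are safer than `or`/`and`: `return render_403 unless User.current.allowed_to?(:view_issues, @project) || (User.current.allowed_to?(:view_own_issues, @project) && User.current == @issue.author)`. The same rule is encoded as SQL in app/models/query.rb, so one predicate shared by both places would keep the listing and the detail page consistent.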