https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292019-03-08T04:23:53ZRedmineRedmine - Defect #30731: "View differences" buttons are shown in the repository page even without "Browse repository" permissionhttps://www.redmine.org/issues/30731?journal_id=906582019-03-08T04:23:53ZTakenori TAKAKItakenory@gmail.com
<ul><li><strong>File</strong> <a href="/attachments/22592">fix-30731.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/22592/fix-30731.patch">fix-30731.patch</a> added</li></ul><p>It seems to be able to solve this problem by adding the following condition for disp the button.<br /><pre><code class="ruby syntaxhl"> <span class="no">User</span><span class="p">.</span><span class="nf">current</span><span class="p">.</span><span class="nf">allowed_to?</span><span class="p">(</span><span class="ss">:browse_repository</span><span class="p">,</span> <span class="vi">@repository</span><span class="p">.</span><span class="nf">project</span><span class="p">)</span>
</code></pre><br />I made a patch and attached it.</p> Redmine - Defect #30731: "View differences" buttons are shown in the repository page even without "Browse repository" permissionhttps://www.redmine.org/issues/30731?journal_id=909022019-03-24T05:31:03ZGo MAEDA
<ul><li><strong>Target version</strong> set to <i>Candidate for next minor release</i></li></ul><p>Thank you for the patch. While reviewing the patch, I found that we don't have to show radio buttons to select revisions to show diff when "View differences" is hidden.</p>
<p>IMHO, the following fix is better. It hides the radio boxes as well as the button. In addition, it is simpler.</p>
<pre><code class="diff syntaxhl"><span class="gh">diff --git a/app/views/repositories/_revisions.html.erb b/app/views/repositories/_revisions.html.erb
index 914999b34..514380791 100644
</span><span class="gd">--- a/app/views/repositories/_revisions.html.erb
</span><span class="gi">+++ b/app/views/repositories/_revisions.html.erb
</span><span class="p">@@ -20,7 +20,7 @@</span> end %>
:repository_id => @repository.identifier_param, :path => to_path_param(path)},
:method => :get
) do %>
<span class="gd">-<% show_diff = revisions.size > 1 %>
</span><span class="gi">+<% show_diff = revisions.size > 1 && User.current.allowed_to?(:browse_repository, @repository.project) %>
</span> <%= submit_tag(l(:label_view_diff), :name => nil) if show_diff %>
<table class="list changesets">
<thead><tr>
</code></pre> Redmine - Defect #30731: "View differences" buttons are shown in the repository page even without "Browse repository" permissionhttps://www.redmine.org/issues/30731?journal_id=909172019-03-25T02:59:00ZTakenori TAKAKItakenory@gmail.com
<ul></ul><p>Right, As you said the radio button should also be hidden.<br />I also thought that the proposed patch is simpler and better.</p> Redmine - Defect #30731: "View differences" buttons are shown in the repository page even without "Browse repository" permissionhttps://www.redmine.org/issues/30731?journal_id=909202019-03-25T08:34:53ZGo MAEDA
<ul><li><strong>File</strong> <a href="/attachments/22692">test-for-30731.diff</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/22692/test-for-30731.diff">test-for-30731.diff</a> added</li><li><strong>Target version</strong> changed from <i>Candidate for next minor release</i> to <i>4.0.3</i></li></ul><p>Setting the target version to 4.0.3.</p> Redmine - Defect #30731: "View differences" buttons are shown in the repository page even without "Browse repository" permissionhttps://www.redmine.org/issues/30731?journal_id=909562019-03-27T00:38:09ZGo MAEDA
<ul><li><strong>Subject</strong> changed from <i>"View differences" buttons are shown on the repository page even if the user does not have a "Browse repository" permission</i> to <i>"View differences" buttons are shown in the repository page even without "Browse repository" permission</i></li></ul> Redmine - Defect #30731: "View differences" buttons are shown in the repository page even without "Browse repository" permissionhttps://www.redmine.org/issues/30731?journal_id=910072019-03-30T07:14:39ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Assignee</strong> set to <i>Jean-Philippe Lang</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>Committed, thanks.</p>