Defect #11872 » private-issues-fix.patch
app/models/issue.rb | ||
---|---|---|
105 | 105 |
when 'all' |
106 | 106 |
true |
107 | 107 |
when 'default' |
108 |
!self.is_private? || self.author == user || user.is_or_belongs_to?(assigned_to)
|
|
108 |
!self.is_private? || (self.author == user && user != User.anonymous) || user.is_or_belongs_to?(assigned_to)
|
|
109 | 109 |
when 'own' |
110 | 110 |
self.author == user || user.is_or_belongs_to?(assigned_to) |
111 | 111 |
else |
app/models/user.rb | ||
---|---|---|
464 | 464 | |
465 | 465 |
roles = roles_for_project(context) |
466 | 466 |
return false unless roles |
467 |
roles.detect {|role|
|
|
467 |
roles.any? {|role|
|
|
468 | 468 |
(context.is_public? || role.member?) && |
469 | 469 |
role.allowed_to?(action) && |
470 | 470 |
(block_given? ? yield(role, self) : true) |
... | ... | |
483 | 483 |
# authorize if user has at least one role that has this permission |
484 | 484 |
roles = memberships.collect {|m| m.roles}.flatten.uniq |
485 | 485 |
roles << (self.logged? ? Role.non_member : Role.anonymous) |
486 |
roles.detect {|role|
|
|
486 |
roles.any? {|role|
|
|
487 | 487 |
role.allowed_to?(action) && |
488 | 488 |
(block_given? ? yield(role, self) : true) |
489 | 489 |
} |