From ba89ca92c2104ef63fd1e668fe7580082e482a11 Mon Sep 17 00:00:00 2001
From: Brice Beaumesnil <brice.beaumesnil@douane.finances.gouv.fr>
Date: Tue, 11 Apr 2023 10:15:32 +0200
Subject: [PATCH] not need issue to show diff

---
 app/controllers/journals_controller.rb | 10 ++++++----
 app/views/journals/diff.html.erb       |  9 +++------
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/app/controllers/journals_controller.rb b/app/controllers/journals_controller.rb
index 9b26f1994..8fd5b0f0f 100644
--- a/app/controllers/journals_controller.rb
+++ b/app/controllers/journals_controller.rb
@@ -45,18 +45,17 @@ class JournalsController < ApplicationController
   end
 
   def diff
-    @issue = @journal.issue
     if params[:detail_id].present?
       @detail = @journal.details.find_by_id(params[:detail_id])
     else
       @detail = @journal.details.detect {|d| d.property == 'attr' && d.prop_key == 'description'}
     end
-    unless @issue && @detail
+    unless @journal.journalized && @detail
       render_404
       return false
     end
     if @detail.property == 'cf'
-      unless @detail.custom_field && @detail.custom_field.visible_by?(@issue.project, User.current)
+      unless @detail.custom_field && @detail.custom_field.visible_by?(@project, User.current)
         raise ::Unauthorized
       end
     end
@@ -107,8 +106,11 @@ class JournalsController < ApplicationController
   private
 
   def find_journal
-    @journal = Journal.visible.find(params[:id])
+    @journal = Journal.find(params[:id])
     @project = @journal.journalized.project
+    unless User.current.allowed_to?(:view_private_notes, @project) || @journal.journalized.visible_by?(@project, User.current)
+      raise ::Unauthorized
+    end              
   rescue ActiveRecord::RecordNotFound
     render_404
   end
diff --git a/app/views/journals/diff.html.erb b/app/views/journals/diff.html.erb
index c9b019d2b..7bb8bde72 100644
--- a/app/views/journals/diff.html.erb
+++ b/app/views/journals/diff.html.erb
@@ -1,11 +1,8 @@
-<h2><%= @issue.tracker %> #<%= @issue.id %></h2>
+<h2><%= @journal.journalized.to_s %></h2>
 <p><%= authoring @journal.created_on, @journal.user, :label => :label_updated_time_by %></p>
 
 <pre class="text-diff"><%= @diff.to_html %></pre>
 
-<p>
-  <%= link_to(l(:button_back), issue_path(@issue),
-              :onclick => 'if (document.referrer != "") {history.back(); return false;}') %>
-</p>
+<p><a href="javascript:history.back()"><%= l(:button_back) %></a></p>
 
-<% html_title "#{@issue.tracker.name} ##{@issue.id}: #{@issue.subject}" %>
+<% html_title @journal.journalized.to_s %>
-- 
2.29.2.windows.2