Project

General

Profile

Actions

Defect #35634

closed

Attachments deletable even though issue edit not permitted

Added by D G over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Category:
Permissions and roles
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

If role A has permission to edit issues in tracker X but not in tracker Y, members of this role can delete attachments in issues with tracker Y.

This commit fixes this for attachments_editable? r15476. Likewise this should be done in /app/models/issue.rb:

  # Overrides Redmine::Acts::Attachable::InstanceMethods#attachments_deletable?
  def attachments_deletable?(user=User.current)
    attributes_editable?(user)
  end

Files

Actions

Also available in: Atom PDF