Check permissions before the extra condition for displaying a menu item (#12721).
Patch by Daniel Ritz. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11112 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang
parent
3bf6f8d7ff
commit
9c698157f4
|
|
@ -190,20 +190,17 @@ module Redmine
|
||||||
|
|
||||||
# Checks if a user is allowed to access the menu item by:
|
# Checks if a user is allowed to access the menu item by:
|
||||||
#
|
#
|
||||||
# * Checking the conditions of the item
|
|
||||||
# * Checking the url target (project only)
|
# * Checking the url target (project only)
|
||||||
|
# * Checking the conditions of the item
|
||||||
def allowed_node?(node, user, project)
|
def allowed_node?(node, user, project)
|
||||||
|
if project && user && !user.allowed_to?(node.url, project)
|
||||||
|
return false
|
||||||
|
end
|
||||||
if node.condition && !node.condition.call(project)
|
if node.condition && !node.condition.call(project)
|
||||||
# Condition that doesn't pass
|
# Condition that doesn't pass
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
return true
|
||||||
if project
|
|
||||||
return user && user.allowed_to?(node.url, project)
|
|
||||||
else
|
|
||||||
# outside a project, all menu items allowed
|
|
||||||
return true
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue