Check permissions before the extra condition for displaying a menu item (#12721).
Patch by Daniel Ritz. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11112 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
3bf6f8d7ff
commit
9c698157f4
|
@ -190,22 +190,19 @@ module Redmine
|
|||
|
||||
# Checks if a user is allowed to access the menu item by:
|
||||
#
|
||||
# * Checking the conditions of the item
|
||||
# * Checking the url target (project only)
|
||||
# * Checking the conditions of the item
|
||||
def allowed_node?(node, user, project)
|
||||
if project && user && !user.allowed_to?(node.url, project)
|
||||
return false
|
||||
end
|
||||
if node.condition && !node.condition.call(project)
|
||||
# Condition that doesn't pass
|
||||
return false
|
||||
end
|
||||
|
||||
if project
|
||||
return user && user.allowed_to?(node.url, project)
|
||||
else
|
||||
# outside a project, all menu items allowed
|
||||
return true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
class << self
|
||||
def map(menu_name)
|
||||
|
|
Loading…
Reference in New Issue