Check permissions before the extra condition for displaying a menu item (#12721).

Patch by Daniel Ritz. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11112 e93f8b46-1217-0410-a6f0-8f06a7374b81
2013-01-04 08:21:33 +00:00 · 2013-01-04 08:21:33 +00:00 · 9c698157f4
parent 3bf6f8d7ff
commit 9c698157f4
1 changed files with 5 additions and 8 deletions
--- a/lib/redmine/menu_manager.rb
+++ b/lib/redmine/menu_manager.rb
@ -190,20 +190,17 @@ module Redmine

      # Checks if a user is allowed to access the menu item by:
      #
-      # * Checking the conditions of the item
      # * Checking the url target (project only)
+      # * Checking the conditions of the item
      def allowed_node?(node, user, project)
+        if project && user && !user.allowed_to?(node.url, project)
+          return false
+        end
        if node.condition && !node.condition.call(project)
          # Condition that doesn't pass
          return false
        end
-
-        if project
-          return user && user.allowed_to?(node.url, project)
-        else
-          # outside a project, all menu items allowed
-          return true
-        end
+        return true
      end
    end