Fixed that 'My page' blocks may display issues that the user is no longer allowed to view (#2590).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2322 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-01-27 18:19:27 +00:00 · 2009-01-27 18:19:27 +00:00 · cd55529eaa
parent 837f074346
commit cd55529eaa
4 changed files with 9 additions and 6 deletions
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@ -51,6 +51,9 @@ class Issue < ActiveRecord::Base
  validates_inclusion_of :done_ratio, :in => 0..100
  validates_numericality_of :estimated_hours, :allow_nil => true

+  named_scope :visible, lambda {|*args| { :include => :project,
+                                          :conditions => Project.allowed_to_condition(args.first || User.current, :view_issues) } }
+  
  def after_initialize
    if new_record?
      # set default values for new records only
--- a/app/views/my/blocks/_issuesassignedtome.rhtml
+++ b/app/views/my/blocks/_issuesassignedtome.rhtml
@ -1,6 +1,6 @@
 <h3><%=l(:label_assigned_to_me_issues)%></h3>
-<% assigned_issues = Issue.find(:all, 
-                                :conditions => ["assigned_to_id=? AND #{IssueStatus.table_name}.is_closed=? AND #{Project.table_name}.status=#{Project::STATUS_ACTIVE}", user.id, false],
+<% assigned_issues = Issue.visible.find(:all, 
+                                :conditions => ["assigned_to_id=? AND #{IssueStatus.table_name}.is_closed=?", user.id, false],
                                :limit => 10, 
                                :include => [ :status, :project, :tracker, :priority ], 
                                :order => "#{Enumeration.table_name}.position DESC, #{Issue.table_name}.updated_on DESC") %>
--- a/app/views/my/blocks/_issuesreportedbyme.rhtml
+++ b/app/views/my/blocks/_issuesreportedbyme.rhtml
@ -1,6 +1,6 @@
 <h3><%=l(:label_reported_issues)%></h3>
-<% reported_issues = Issue.find(:all, 
-                                :conditions => ["author_id=? AND #{Project.table_name}.status=#{Project::STATUS_ACTIVE}", user.id],
+<% reported_issues = Issue.visible.find(:all, 
+                                :conditions => { :author_id => user.id },
                                :limit => 10, 
                                :include => [ :status, :project, :tracker ], 
                                :order => "#{Issue.table_name}.updated_on DESC") %>
--- a/app/views/my/blocks/_issueswatched.rhtml
+++ b/app/views/my/blocks/_issueswatched.rhtml
@ -1,8 +1,8 @@
 <h3><%=l(:label_watched_issues)%></h3>
-<% watched_issues = Issue.find(:all, 
+<% watched_issues = Issue.visible.find(:all, 
                               :include => [:status, :project, :tracker, :watchers],
                               :limit => 10, 
-                               :conditions => ["#{Watcher.table_name}.user_id = ? AND #{Project.table_name}.status=#{Project::STATUS_ACTIVE}", user.id],
+                               :conditions => ["#{Watcher.table_name}.user_id = ?", user.id],
                               :order => "#{Issue.table_name}.updated_on DESC") %>
 <%= render :partial => 'issues/list_simple', :locals => { :issues => watched_issues } %>
 <% if watched_issues.length > 0 %>