From 2c76240544629c750131cbb40d47100135f8ab33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Scha=CC=88fer?= Date: Fri, 2 Mar 2012 01:38:03 +0100 Subject: [PATCH] Fix edit issue notes permission #888 --- app/models/issue.rb | 9 +++++++++ app/models/journal.rb | 2 +- .../lib/redmine/acts/journalized/permissions.rb | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/app/models/issue.rb b/app/models/issue.rb index 2f0d350e..a57e3199 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -707,6 +707,15 @@ class Issue < ActiveRecord::Base projects end + # Overrides Redmine::Acts::Journalized::Permissions + # + # The default assumption is that journals have the same permissions + # as the journaled object, issue notes have separate permissions though + def journal_editable_by?(journal, user) + return true if journal.author == user && user.allowed_to?(:edit_own_issue_notes, project) + user.allowed_to? :edit_issue_notes, project + end + private def update_nested_set_attributes diff --git a/app/models/journal.rb b/app/models/journal.rb index a0ec3000..45bfc4e0 100644 --- a/app/models/journal.rb +++ b/app/models/journal.rb @@ -76,7 +76,7 @@ class Journal < ActiveRecord::Base end def editable_by?(user) - journaled.journal_editable_by?(user) + journaled.journal_editable_by?(self, user) end def details diff --git a/vendor/plugins/acts_as_journalized/lib/redmine/acts/journalized/permissions.rb b/vendor/plugins/acts_as_journalized/lib/redmine/acts/journalized/permissions.rb index 59bcc2e4..ab0dc038 100644 --- a/vendor/plugins/acts_as_journalized/lib/redmine/acts/journalized/permissions.rb +++ b/vendor/plugins/acts_as_journalized/lib/redmine/acts/journalized/permissions.rb @@ -22,7 +22,7 @@ module Redmine::Acts::Journalized module Permissions # Default implementation of journal editing permission # Is overridden if defined in the journalized model directly - def journal_editable_by?(user) + def journal_editable_by?(journal, user) return true if user.admin? if respond_to? :editable_by? editable_by? user