Fix edit issue notes permission #888

2012-03-02 01:38:03 +01:00 · 2012-03-02 01:38:03 +01:00 · 2c76240544
parent 724bd48494
commit 2c76240544
3 changed files with 11 additions and 2 deletions
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@ -707,6 +707,15 @@ class Issue < ActiveRecord::Base
    projects
  end

+  # Overrides Redmine::Acts::Journalized::Permissions
+  #
+  # The default assumption is that journals have the same permissions
+  # as the journaled object, issue notes have separate permissions though
+  def journal_editable_by?(journal, user)
+    return true if journal.author == user && user.allowed_to?(:edit_own_issue_notes, project)
+    user.allowed_to? :edit_issue_notes, project
+  end
+
  private

  def update_nested_set_attributes
--- a/app/models/journal.rb
+++ b/app/models/journal.rb
@ -76,7 +76,7 @@ class Journal < ActiveRecord::Base
  end

  def editable_by?(user)
-    journaled.journal_editable_by?(user)
+    journaled.journal_editable_by?(self, user)
  end

  def details
--- a/vendor/plugins/acts_as_journalized/lib/redmine/acts/journalized/permissions.rb
+++ b/vendor/plugins/acts_as_journalized/lib/redmine/acts/journalized/permissions.rb
@ -22,7 +22,7 @@ module Redmine::Acts::Journalized
  module Permissions
    # Default implementation of journal editing permission
    # Is overridden if defined in the journalized model directly
-    def journal_editable_by?(user)
+    def journal_editable_by?(journal, user)
      return true if user.admin?
      if respond_to? :editable_by?
        editable_by? user