From cd55529eaa952d260f99c00a06f0df543b1b4ac3 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Tue, 27 Jan 2009 18:19:27 +0000
Subject: [PATCH] Fixed that 'My page' blocks may display issues that the user is no longer allowed to view (#2590).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2322 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/issue.rb | 3 +++
 app/views/my/blocks/_issuesassignedtome.rhtml | 4 ++--
 app/views/my/blocks/_issuesreportedbyme.rhtml | 4 ++--
 app/views/my/blocks/_issueswatched.rhtml | 4 ++--
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/app/models/issue.rb b/app/models/issue.rb
index 11db3f89..84a3c8e3 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -51,6 +51,9 @@ class Issue < ActiveRecord::Base
 validates_inclusion_of :done_ratio, :in => 0..100
 validates_numericality_of :estimated_hours, :allow_nil => true
 
+ named_scope :visible, lambda {|*args| { :include => :project,
+ :conditions => Project.allowed_to_condition(args.first || User.current, :view_issues) } }
+
 def after_initialize
 if new_record?
 # set default values for new records only
diff --git a/app/views/my/blocks/_issuesassignedtome.rhtml b/app/views/my/blocks/_issuesassignedtome.rhtml
index 99812f6d..f5e2e3e6 100644
--- a/app/views/my/blocks/_issuesassignedtome.rhtml
+++ b/app/views/my/blocks/_issuesassignedtome.rhtml
@@ -1,6 +1,6 @@
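Review bot: The `visible` scope added to app/models/issue.rb is an access-control boundary, yet it arrives with no comment and no test; the diffstat lists only the model and three view partials. A comment above it such as `# Issues in projects where the given user (default: User.current) has the :view_issues permission` would state the contract, and a unit test asserting that `Issue.visible(user)` omits issues of a project the user has no role in would pin the regression from #2590. Because of `args.first || User.current`, an explicit `nil` argument is treated like no argument and yields the current user's view, which the comment should mention. The scope is opt-in, so any `Issue.find` elsewhere that does not chain `.visible` stays unfiltered; the Issue class body continues outside this hunk.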

<%=l(:label_assigned_to_me_issues)%>

-<% assigned_issues = Issue.find(:all,
- :conditions => ["assigned_to_id=? AND #{IssueStatus.table_name}.is_closed=? AND #{Project.table_name}.status=#{Project::STATUS_ACTIVE}", user.id, false],
+<% assigned_issues = Issue.visible.find(:all,
+ :conditions => ["assigned_to_id=? AND #{IssueStatus.table_name}.is_closed=?", user.id, false],
 :limit => 10,
 :include => [ :status, :project, :tracker, :priority ],
 :order => "#{Enumeration.table_name}.position DESC, #{Issue.table_name}.updated_on DESC") %>
diff --git a/app/views/my/blocks/_issuesreportedbyme.rhtml b/app/views/my/blocks/_issuesreportedbyme.rhtml
index 317aebbf..aa6e0e0e 100644
--- a/app/views/my/blocks/_issuesreportedbyme.rhtml
+++ b/app/views/my/blocks/_issuesreportedbyme.rhtml
@@ -1,6 +1,6 @@
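Review bot: In _issuesassignedtome.rhtml the visibility check and the row filter are evaluated for two different subjects: `Issue.visible` with no argument falls back to `User.current` (per the scope added in issue.rb), while the condition uses the `user` local. On 'My page' these are presumably the same account, but the partial does not say so; a short ERB comment such as `<%# visibility is checked for User.current (the viewer); user is expected to be the same account %>` would keep a later reuse of the block from combining one account's issues with another's permissions. The explicit `Project.status = STATUS_ACTIVE` condition is dropped as well, so the block now depends on `Project.allowed_to_condition` to exclude inactive projects, which is not visible in this diff and should be confirmed. The same two remarks apply to the hunks in _issuesreportedbyme.rhtml and _issueswatched.rhtml.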

<%=l(:label_reported_issues)%>

-<% reported_issues = Issue.find(:all,
- :conditions => ["author_id=? AND #{Project.table_name}.status=#{Project::STATUS_ACTIVE}", user.id],
+<% reported_issues = Issue.visible.find(:all,
+ :conditions => { :author_id => user.id },
 :limit => 10,
 :include => [ :status, :project, :tracker ],
 :order => "#{Issue.table_name}.updated_on DESC") %>
diff --git a/app/views/my/blocks/_issueswatched.rhtml b/app/views/my/blocks/_issueswatched.rhtml
index e5c2f23a..dc4bfb85 100644
--- a/app/views/my/blocks/_issueswatched.rhtml
+++ b/app/views/my/blocks/_issueswatched.rhtml
@@ -1,8 +1,8 @@

<%=l(:label_watched_issues)%>

-<% watched_issues = Issue.find(:all,
+<% watched_issues = Issue.visible.find(:all,
 :include => [:status, :project, :tracker, :watchers],
 :limit => 10,
- :conditions => ["#{Watcher.table_name}.user_id = ? AND #{Project.table_name}.status=#{Project::STATUS_ACTIVE}", user.id],
+ :conditions => ["#{Watcher.table_name}.user_id = ?", user.id],
 :order => "#{Issue.table_name}.updated_on DESC") %>
 <%= render :partial => 'issues/list_simple', :locals => { :issues => watched_issues } %>
 <% if watched_issues.length > 0 %>