Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-10-31 10:25:55 +01:00
Code Issues Packages Projects Releases Activity

Only admin users should be able to manage public queries on the project list (#29482).

Browse Source 
Like for issues, project members with the "Manage public" queries are allowed to manage public queries inside their projects, not public global queries that are proposed on /issues.

git-svn-id: http://svn.redmine.org/redmine/trunk@19091 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang
2019-11-20 15:01:24 +00:00
parent 18e6cc9cb6
commit 977bbea725
3 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/queries_controller.rb
View File

@@ -126,7 +126,7 @@ class QueriesController < ApplicationController
@query.column_names = nil if params[:default_columns]
@query.sort_criteria = (params[:query] && params[:query][:sort_criteria]) || @query.sort_criteria
@query.name = params[:query] && params[:query][:name]
if User.current.allowed_to?(:manage_public_queries, @query.project) || User.current.admin? || (@query.type == 'ProjectQuery' && User.current.allowed_to?(:manage_public_queries, @query.project, :global => true))
if User.current.allowed_to?(:manage_public_queries, @query.project) || User.current.admin?
@query.visibility = (params[:query] && params[:query][:visibility]) || Query::VISIBILITY_PRIVATE
@query.role_ids = params[:query] && params[:query][:role_ids]
else