Commit 58ac731c3764d1cbf3a4a1e60e5c5374ec460546
1 parent
5a098e84
Exists in
spb-stable
and in
3 other branches
Fix Issues#bulk_update
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing
2 changed files
with
7 additions
and
3 deletions
Show diff stats
app/controllers/projects/issues_controller.rb
| @@ -9,7 +9,10 @@ class Projects::IssuesController < Projects::ApplicationController | @@ -9,7 +9,10 @@ class Projects::IssuesController < Projects::ApplicationController | ||
| 9 | before_filter :authorize_write_issue!, only: [:new, :create] | 9 | before_filter :authorize_write_issue!, only: [:new, :create] |
| 10 | 10 | ||
| 11 | # Allow modify issue | 11 | # Allow modify issue |
| 12 | - before_filter :authorize_modify_issue!, only: [:edit, :update, :bulk_update] | 12 | + before_filter :authorize_modify_issue!, only: [:edit, :update] |
| 13 | + | ||
| 14 | + # Allow issues bulk update | ||
| 15 | + before_filter :authorize_admin_issues!, only: [:bulk_update] | ||
| 13 | 16 | ||
| 14 | respond_to :html | 17 | respond_to :html |
| 15 | 18 | ||
| @@ -107,8 +110,8 @@ class Projects::IssuesController < Projects::ApplicationController | @@ -107,8 +110,8 @@ class Projects::IssuesController < Projects::ApplicationController | ||
| 107 | return render_404 unless can?(current_user, :modify_issue, @issue) | 110 | return render_404 unless can?(current_user, :modify_issue, @issue) |
| 108 | end | 111 | end |
| 109 | 112 | ||
| 110 | - def authorize_admin_issue! | ||
| 111 | - return render_404 unless can?(current_user, :admin_issue, @issue) | 113 | + def authorize_admin_issues! |
| 114 | + return render_404 unless can?(current_user, :admin_issue, @project) | ||
| 112 | end | 115 | end |
| 113 | 116 | ||
| 114 | def module_enabled | 117 | def module_enabled |
app/models/ability.rb