Disallowed items are shown in heart#index

cat-in-136 / redmine_hearts

a redmine plugin which provides intra-Redmine Like/Fav reactions

https://www.redmine.org/plugins/redmine_hearts

GNU General Public License v2.0

33 stars 3 forks source link

Disallowed items are shown in heart#index #11

Closed cat-in-136 closed 6 years ago

cat-in-136 commented 6 years ago

heart#index does not check if the current user has permission to view the "liked" items or not.

Expected: Do not show "Like" of items the current user does not have permission to show. Actual: Show "Like" of items even if the current user does not have permission to show.

cat-in-136 commented 6 years ago

I will fix this bug at the same time as issue #1.