From 6ecf3907a012f5c12c6801f0d2ffe8b4e440c209 Mon Sep 17 00:00:00 2001
From: Paul Martin <paul@paulsputer.com>
Date: Tue, 05 Apr 2016 13:48:07 -0400
Subject: [PATCH] Merge pull request #1040 from gitblit/1037-EnforcePermissionsForTickets

---
 src/main/java/com/gitblit/wicket/pages/MyTicketsPage.java |   18 +++++++++++++-----
 1 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/MyTicketsPage.java b/src/main/java/com/gitblit/wicket/pages/MyTicketsPage.java
index 591c7fe..bfcedf6 100644
--- a/src/main/java/com/gitblit/wicket/pages/MyTicketsPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/MyTicketsPage.java
@@ -19,7 +19,6 @@
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.Comparator;
 import java.util.HashMap;
 import java.util.List;
 
@@ -343,14 +342,23 @@
         int page = (params != null) ? Math.max(1, WicketUtils.getPage(params)) : 1;
         int pageSize = app().settings().getInteger(Keys.tickets.perPage, 25);
 
-        final List<QueryResult> results = 
+        final List<QueryResult> allResults = 
             StringUtils.isEmpty(searchParam) ? query(qb, page, pageSize, sortBy, desc) : search(searchParam, page, pageSize);
 
-        int totalResults = results.size() == 0 ? 0 : results.get(0).totalResults;
-        buildPager(queryParam, milestoneParam, statiiParam, assignedToParam, sortBy, desc, repositoryId, page, pageSize, results.size(), totalResults);
+        List<QueryResult> viewableResults = new ArrayList<>(allResults.size());
+        for (QueryResult queryResult : allResults) {
+        	RepositoryModel model = app().repositories().getRepositoryModel(currentUser, queryResult.repository);
+			
+        	if ((model != null) && (currentUser.canView(model))) {
+        		viewableResults.add(queryResult);
+        	}
+		}
+            
+        int totalResults = viewableResults.size() == 0 ? 0 : viewableResults.get(0).totalResults;
+        buildPager(queryParam, milestoneParam, statiiParam, assignedToParam, sortBy, desc, repositoryId, page, pageSize, viewableResults.size(), totalResults);
 
         final boolean showSwatch = app().settings().getBoolean(Keys.web.repositoryListSwatches, true);
-        add(new TicketListPanel("ticketList", results, showSwatch, true));
+        add(new TicketListPanel("ticketList", viewableResults, showSwatch, true));
     }
 
     protected PageParameters queryParameters(

--
Gitblit v1.9.1