History doesn't take into account permission

[bobot]

Hi,

When "View Threshold" is set to "developer", user with access level "reporter" can't see the changesets, good. However they can see them indirectly in the history with a quite explicit message. I expect them to see no informations about commits.

For reference in order to hard code this behavior for this configuration, I added the following code in history_get_raw_events_array in core/history_api.php

if( $v_type == PLUGIN_HISTORY && ($v_field_name == "Source_changeset_attached" || $v_field_name == "Source_changeset_removed")) {
          if( !$t_private_bugnote_visible ) {
                        continue;
              }
   }

[dregad]

I think that for a clean solution we would need to define a new event in the history api so that plugins can decide whether a history iten should be displayed or not.