From 7ca05374db6f6af9de06665c9d2d08acfe85aa4f Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 05 Mar 2014 12:26:14 -0500
Subject: [PATCH] Centralized ticket editing permission controls

---
 src/main/java/com/gitblit/wicket/pages/TicketPage.java |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/TicketPage.java b/src/main/java/com/gitblit/wicket/pages/TicketPage.java
index 3f92eaa..5e0e682 100644
--- a/src/main/java/com/gitblit/wicket/pages/TicketPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/TicketPage.java
@@ -115,7 +115,6 @@
 		super(params);
 
 		final UserModel user = GitBlitWebSession.get().getUser() == null ? UserModel.ANONYMOUS : GitBlitWebSession.get().getUser();
-		final boolean isAuthenticated = !UserModel.ANONYMOUS.equals(user) && user.isAuthenticated;
 		final RepositoryModel repository = getRepositoryModel();
 		final String id = WicketUtils.getObject(params);
 		long ticketId = Long.parseLong(id);
@@ -327,7 +326,7 @@
 		/*
 		 * UPDATE FORM (DISCUSSION TAB)
 		 */
-		if (isAuthenticated && app().tickets().isAcceptingTicketUpdates(repository)) {
+		if (user.canEdit(ticket, repository) && app().tickets().isAcceptingTicketUpdates(repository)) {
 			if (ticket.isOpen()) {
 				/*
 				 * OPEN TICKET

--
Gitblit v1.9.1