Added more protection from permissions. #1138

2008-06-04 15:47:40 -07:00
parent 203ad5c90e
commit 9b4072875c
1 changed files with 13 additions and 15 deletions
--- a/app/views/deliverables/_deliverable.html.erb
+++ b/app/views/deliverables/_deliverable.html.erb
@@ -10,21 +10,19 @@
        <%= content_tag(:td, link_to_function("Details", "$('deliverable-details-#{deliverable.id}').toggle();"), :class => 'actions') %>
    </tr>
    <tr id="deliverable-details-<%= deliverable.id %>" class="deliverable deliverable-details <%= css %>" style="display:none;">
-      <%= content_tag(
-        :td,
-              "<dl>" +
-              paragraph_with_data("Deliverable Budget: ", number_to_currency(deliverable.budget, :precision => 0)) +
-              paragraph_with_data("Budget Spent: ", number_to_currency(deliverable.spent, :precision => 0)) +
-              paragraph_with_data("Budget Remaining: ", number_to_currency(deliverable.budget_remaining, :precision => 0)) +
-              paragraph_with_data("Hours Used: ", deliverable.hours_used) +
-              paragraph_with_data("Hours Estimated: ", deliverable.total_hours) +
-              paragraph_with_data("Progress: ", deliverable.progress) +
-              paragraph_with_data("Score ", deliverable.score) +
-              paragraph_with_data("Overruns ", number_to_currency(deliverable.overruns, :precision => 0)) +
-              paragraph_with_data("Profit: ", number_to_currency(deliverable.profit, :precision => 0)) +
-              "</dl>",
-              :colspan => 4) %>
-
+      <td colspan="4">
+        <dl>
+          <%= paragraph_with_data("Deliverable Budget: ", number_to_currency(deliverable.budget, :precision => 0)) -%>
+          <%= paragraph_with_data("Budget Spent: ", number_to_currency(deliverable.spent, :precision => 0)) if allowed_management? -%>
+          <%= paragraph_with_data("Budget Remaining: ", number_to_currency(deliverable.budget_remaining, :precision => 0)) if allowed_management? -%>
+          <%= paragraph_with_data("Hours Used: ", deliverable.hours_used) if allowed_management? -%>
+          <%= paragraph_with_data("Hours Estimated: ", deliverable.total_hours) if allowed_management? -%>
+          <%= paragraph_with_data("Progress: ", deliverable.progress) -%>
+          <%= paragraph_with_data("Score ", deliverable.score) if allowed_management? -%>
+          <%= paragraph_with_data("Overruns ", number_to_currency(deliverable.overruns, :precision => 0))  if allowed_management? -%>
+          <%= paragraph_with_data("Profit: ", number_to_currency(deliverable.profit, :precision => 0)) if allowed_management? -%>
+        </dl>
+      </td>
              <td colspan="4">
              <%= content_tag(:p,link_to("Assigned Issues", :action => 'issues', :id => @project.id, :deliverable_id => deliverable.id)) -%>
              <%= content_tag(:p,link_to("Edit", :action => 'edit', :id => @project.id, :deliverable_id => deliverable.id)) if allowed_management? -%>