Make current_user_can_see correct

As :assign and :unassign privilege imply authorisation for assignment
list view

app/controllers/assigns_controller.rb

@@ -53,21 +53,9 @@ class AssignsController < ApplicationController
   end
 
   def index
-    return head 403 unless current_user_can_see || current_user_can_assign || current_user_can_unassign
+    return head 403 unless current_user_can_see
     @assignments = @project.assigns.active.preload(:service_pack)
   end
-
-  def report
-    # BROKEN
-    raise "Do Not Call This Method: #{self.class.name}\##{__method__}"
-
-    return head 403 unless User.current.allowed_to?(:see_assigned_service_packs, @project)
-    if assignment = assigned?(@project)
-      render csv: ServicePackReport.new(assignment.service_pack).call(@project), filename: "ServicePackReport_#{@project.name.gsub(/\s+/, -'_')}.csv"
-    else
-      render_404
-    end
-  end
   
   # =======================================================
   # :Docs
@@ -140,7 +128,9 @@ class AssignsController < ApplicationController
   # helper
 
   def current_user_can_see
-    User.current.allowed_to?(:see_assigned_service_packs, @project) # call once only
+    User.current.allowed_to?(:see_assigned_service_packs, @project) ||
+    current_user_can_assign ||
+    current_user_can_unassign # call once only
   end
 
   def current_user_can_assign

config/routes.rb

@@ -8,7 +8,6 @@ OpenProject::Application.routes.draw do
     get '/assigns/assign', to: 'assigns#to_assign'
     post '/assigns/assign', to: 'assigns#assign'
     post '/assigns/unassign/:service_pack_id', to: 'assigns#unassign'
-    get '/assigns/statistics', to: 'assigns#statistics', constraints: lambda { |req| req.format == :json }
     get '/assigns/', to: 'assigns#index'
   end
 end
\ No newline at end of file