781460-Fixed an env security acess violiation issue

src/app/controllers/systems_controller.rb

@@ -11,17 +11,15 @@
 # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
 
 class SystemsController < ApplicationController
-  include AutoCompleteSearch
   include SystemsHelper
 
-  before_filter :find_system, :except =>[:index, :auto_complete_search, :items, :environments, :env_items, :bulk_destroy, :destroy, :new, :create]
+  before_filter :find_system, :except =>[:index, :items, :environments, :bulk_destroy, :destroy, :new, :create]
   before_filter :find_systems, :only=>[:bulk_destroy]
 
-  before_filter :find_environment, :only => [:environments, :env_items, :new]
+  before_filter :find_environment, :only => [:environments, :new]
   before_filter :authorize
 
-  before_filter :setup_options, :only => [:index, :items, :environments, :env_items]
-  before_filter :search_filter, :only => [:auto_complete_search]
+  before_filter :setup_options, :only => [:index, :items, :environments]
 
   # two pane columns and mapping for sortable fields
   COLUMNS = {'name' => 'name_sort', 'lastCheckin' => 'lastCheckin'}
@@ -33,15 +31,20 @@ def rules
     any_readable = lambda{System.any_readable?(current_organization)}
     delete_systems = lambda{true}
     register_system = lambda { System.registerable?(@environment, current_organization) }
-
+    items_test = lambda do
+      if params[:env_id]
+        @environment = KTEnvironment.find(params[:env_id])
+        @environment && @environment.systems_readable?
+      else
+        System.any_readable?(current_organization)
+      end
+    end
     {
       :index => any_readable,
       :create => register_system,
       :new => register_system,
-      :items => any_readable,
-      :auto_complete_search => any_readable,
+      :items => items_test,
       :environments => env_system,
-      :env_items => env_system,
       :subscriptions => read_system,
       :update_subscriptions => edit_system,
       :products => read_system,