diff options
| author | Douwe Maan <douwe@gitlab.com> | 2015-08-20 18:32:32 -0700 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2015-08-21 09:38:38 -0700 |
| commit | 032d2442b1b6d40cb6e2d2a169f7a479e287975f (patch) | |
| tree | 97b5ed6a12aec7db4556bbc719ccc7585bb91b4e | |
| parent | 06160cfda6af4eade6d110c0f6d01963d12de6fe (diff) | |
| download | gitlab-ce-032d2442b1b6d40cb6e2d2a169f7a479e287975f.tar.gz | |
Fix bug where non-project members of the target project could set labels on new merge requests.
(cherry picked from commit 77e508d8fd7a915f5ae221f5e4d6022560398a9e)
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | app/views/shared/issuable/_form.html.haml | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index 43302425f14..b25514bc6cd 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 7.14.0 (unreleased) + - Fix bug where non-project members of the target project could set labels on new merge requests. - Update default robots.txt rules to disallow crawling of irrelevant pages (Ben Bodenmiller) - Fix redirection after sign in when using auto_sign_in_with_provider - Upgrade gitlab_git to 7.2.14 to ignore CRLFs in .gitmodules (Stan Hu) diff --git a/app/views/shared/issuable/_form.html.haml b/app/views/shared/issuable/_form.html.haml index 3489bf3f191..f6b09de3839 100644 --- a/app/views/shared/issuable/_form.html.haml +++ b/app/views/shared/issuable/_form.html.haml @@ -38,7 +38,7 @@ .clearfix .error-alert %hr -- if can?(current_user, :"admin_#{issuable.to_ability_name}", @project) +- if can?(current_user, :"admin_#{issuable.to_ability_name}", issuable.project) .form-group .issue-assignee = f.label :assignee_id, class: 'control-label' do |