diff options
| author | Heinrich Lee Yu <hleeyu@gmail.com> | 2018-10-24 17:58:34 +0800 |
|---|---|---|
| committer | Heinrich Lee Yu <hleeyu@gmail.com> | 2018-10-26 10:27:25 +0800 |
| commit | 6dda85927d88461506e7255f5ba49bdeac33699e (patch) | |
| tree | a538df159e05d8a12bbbc93eb56a60b9868e22c5 | |
| parent | 5b27e2dbda5f35a7d2fca0462349ddbad67bd04c (diff) | |
| download | gitlab-ce-6dda85927d88461506e7255f5ba49bdeac33699e.tar.gz | |
Update boards issue creation authorization
| -rw-r--r-- | app/controllers/concerns/boards_responses.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/app/controllers/concerns/boards_responses.rb b/app/controllers/concerns/boards_responses.rb index b7e4f9b81f1..e6c54e688b6 100644 --- a/app/controllers/concerns/boards_responses.rb +++ b/app/controllers/concerns/boards_responses.rb @@ -50,7 +50,14 @@ module BoardsResponses end def authorize_create_issue - authorize_action_for!(project, :admin_issue) + board = board_parent.boards.find(issue_params[:board_id]) + list = board.lists.find(issue_params[:list_id]) + + if list.backlog? + authorize_action_for!(project, :create_issue) + else + authorize_action_for!(project, :admin_issue) + end end def authorize_admin_list |