Only people who can manage issue can assign labels to itpermission-improvements

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-06-26 16:02:57 +0200
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-06-26 16:02:57 +0200
commit: 58ceb8e95097df51d08a74c16de83152044e9c58 (patch)
tree: 4ff0bf2aa487053a305d1737f583765dfc91f08a
parent: c9f21c9691033b1fb1d6ddb7dd48057ec4f25aa3 (diff)
download: gitlab-ce-permission-improvements.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index c8db93eb778..4d632ce77c1 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -157,7 +157,7 @@ module API
         if issue.valid?
           # Find or create labels and attach to issue. Labels are valid because
           # we already checked its name, so there can't be an error here
-          unless params[:labels].nil?
+          if params[:labels] && can?(current_user, :admin_issue, user_project)
             issue.remove_labels
             # Create and add labels to the new created issue
             issue.add_labels_by_names(params[:labels].split(','))
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2015-06-26 16:02:57 +0200
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2015-06-26 16:02:57 +0200
commit	58ceb8e95097df51d08a74c16de83152044e9c58 (patch)
tree	4ff0bf2aa487053a305d1737f583765dfc91f08a
parent	c9f21c9691033b1fb1d6ddb7dd48057ec4f25aa3 (diff)
download	gitlab-ce-permission-improvements.tar.gz