diff options
author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-06-25 15:38:04 +0200 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-06-25 15:38:04 +0200 |
commit | d315d1eba4f45c4c4f0417fbdcd3eaf69e102282 (patch) | |
tree | e0ade3e212e397189e8cb155c814472eadf90406 | |
parent | 60baa1e866013d66d25531e5f8a8f62ec49b228b (diff) | |
download | gitlab-ce-d315d1eba4f45c4c4f0417fbdcd3eaf69e102282.tar.gz |
Dont allow guest to set assigne, milestone and label when create new issue or merge request
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-rw-r--r-- | app/models/ability.rb | 3 | ||||
-rw-r--r-- | app/views/shared/issuable/_form.html.haml | 77 |
2 files changed, 43 insertions, 37 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb index a5db22040e0..b611276cf9c 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -154,6 +154,9 @@ class Ability project_guest_rules + [ :download_code, :fork_project, + :set_assignee, + :set_milestone, + :set_label, :write_project_snippet ] end diff --git a/app/views/shared/issuable/_form.html.haml b/app/views/shared/issuable/_form.html.haml index 496fad34dc2..7095402bf05 100644 --- a/app/views/shared/issuable/_form.html.haml +++ b/app/views/shared/issuable/_form.html.haml @@ -37,47 +37,50 @@ .clearfix .error-alert -%hr -.form-group - .issue-assignee - = f.label :assignee_id, class: 'control-label' do - %i.fa.fa-user - Assign to - .col-sm-10 - = users_select_tag("#{issuable.class.model_name.param_key}[assignee_id]", - placeholder: 'Select a user', class: 'custom-form-control', null_user: true, - selected: issuable.assignee_id, project: @target_project || @project) - - = link_to 'Assign to me', '#', class: 'btn assign-to-me-link' -.form-group - .issue-milestone - = f.label :milestone_id, class: 'control-label' do - %i.fa.fa-clock-o - Milestone + %hr +- if can?(current_user, :set_assignee, @project) + .form-group + .issue-assignee + = f.label :assignee_id, class: 'control-label' do + %i.fa.fa-user + Assign to + .col-sm-10 + = users_select_tag("#{issuable.class.model_name.param_key}[assignee_id]", + placeholder: 'Select a user', class: 'custom-form-control', null_user: true, + selected: issuable.assignee_id, project: @target_project || @project) + + = link_to 'Assign to me', '#', class: 'btn assign-to-me-link' +- if can?(current_user, :set_milestone, @project) + .form-group + .issue-milestone + = f.label :milestone_id, class: 'control-label' do + %i.fa.fa-clock-o + Milestone + .col-sm-10 + - if milestone_options(issuable).present? + = f.select(:milestone_id, milestone_options(issuable), + { include_blank: 'Select milestone' }, { class: 'select2' }) + - else + .prepend-top-10 + %span.light No open milestones available. + + - if can? current_user, :admin_milestone, issuable.project + = link_to 'Create new milestone', new_namespace_project_milestone_path(issuable.project.namespace, issuable.project), target: :blank +- if can?(current_user, :set_label, @project) + .form-group + = f.label :label_ids, class: 'control-label' do + %i.fa.fa-tag + Labels .col-sm-10 - - if milestone_options(issuable).present? - = f.select(:milestone_id, milestone_options(issuable), - { include_blank: 'Select milestone' }, { class: 'select2' }) + - if issuable.project.labels.any? + = f.collection_select :label_ids, issuable.project.labels.all, :id, :name, + { selected: issuable.label_ids }, multiple: true, class: 'select2' - else .prepend-top-10 - %span.light No open milestones available. + %span.light No labels yet. - - if can? current_user, :admin_milestone, issuable.project - = link_to 'Create new milestone', new_namespace_project_milestone_path(issuable.project.namespace, issuable.project), target: :blank -.form-group - = f.label :label_ids, class: 'control-label' do - %i.fa.fa-tag - Labels - .col-sm-10 - - if issuable.project.labels.any? - = f.collection_select :label_ids, issuable.project.labels.all, :id, :name, - { selected: issuable.label_ids }, multiple: true, class: 'select2' - - else - .prepend-top-10 - %span.light No labels yet. - - - if can? current_user, :admin_label, issuable.project - = link_to 'Create new label', new_namespace_project_label_path(issuable.project.namespace, issuable.project), target: :blank + - if can? current_user, :admin_label, issuable.project + = link_to 'Create new label', new_namespace_project_label_path(issuable.project.namespace, issuable.project), target: :blank - if issuable.is_a?(MergeRequest) %hr |