summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-06-25 15:38:04 +0200
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-06-25 15:38:04 +0200
commitd315d1eba4f45c4c4f0417fbdcd3eaf69e102282 (patch)
treee0ade3e212e397189e8cb155c814472eadf90406
parent60baa1e866013d66d25531e5f8a8f62ec49b228b (diff)
downloadgitlab-ce-d315d1eba4f45c4c4f0417fbdcd3eaf69e102282.tar.gz
Dont allow guest to set assigne, milestone and label when create new issue or merge request
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-rw-r--r--app/models/ability.rb3
-rw-r--r--app/views/shared/issuable/_form.html.haml77
2 files changed, 43 insertions, 37 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index a5db22040e0..b611276cf9c 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -154,6 +154,9 @@ class Ability
project_guest_rules + [
:download_code,
:fork_project,
+ :set_assignee,
+ :set_milestone,
+ :set_label,
:write_project_snippet
]
end
diff --git a/app/views/shared/issuable/_form.html.haml b/app/views/shared/issuable/_form.html.haml
index 496fad34dc2..7095402bf05 100644
--- a/app/views/shared/issuable/_form.html.haml
+++ b/app/views/shared/issuable/_form.html.haml
@@ -37,47 +37,50 @@
.clearfix
.error-alert
-%hr
-.form-group
- .issue-assignee
- = f.label :assignee_id, class: 'control-label' do
- %i.fa.fa-user
- Assign to
- .col-sm-10
- = users_select_tag("#{issuable.class.model_name.param_key}[assignee_id]",
- placeholder: 'Select a user', class: 'custom-form-control', null_user: true,
- selected: issuable.assignee_id, project: @target_project || @project)
- &nbsp;
- = link_to 'Assign to me', '#', class: 'btn assign-to-me-link'
-.form-group
- .issue-milestone
- = f.label :milestone_id, class: 'control-label' do
- %i.fa.fa-clock-o
- Milestone
+ %hr
+- if can?(current_user, :set_assignee, @project)
+ .form-group
+ .issue-assignee
+ = f.label :assignee_id, class: 'control-label' do
+ %i.fa.fa-user
+ Assign to
+ .col-sm-10
+ = users_select_tag("#{issuable.class.model_name.param_key}[assignee_id]",
+ placeholder: 'Select a user', class: 'custom-form-control', null_user: true,
+ selected: issuable.assignee_id, project: @target_project || @project)
+ &nbsp;
+ = link_to 'Assign to me', '#', class: 'btn assign-to-me-link'
+- if can?(current_user, :set_milestone, @project)
+ .form-group
+ .issue-milestone
+ = f.label :milestone_id, class: 'control-label' do
+ %i.fa.fa-clock-o
+ Milestone
+ .col-sm-10
+ - if milestone_options(issuable).present?
+ = f.select(:milestone_id, milestone_options(issuable),
+ { include_blank: 'Select milestone' }, { class: 'select2' })
+ - else
+ .prepend-top-10
+ %span.light No open milestones available.
+ &nbsp;
+ - if can? current_user, :admin_milestone, issuable.project
+ = link_to 'Create new milestone', new_namespace_project_milestone_path(issuable.project.namespace, issuable.project), target: :blank
+- if can?(current_user, :set_label, @project)
+ .form-group
+ = f.label :label_ids, class: 'control-label' do
+ %i.fa.fa-tag
+ Labels
.col-sm-10
- - if milestone_options(issuable).present?
- = f.select(:milestone_id, milestone_options(issuable),
- { include_blank: 'Select milestone' }, { class: 'select2' })
+ - if issuable.project.labels.any?
+ = f.collection_select :label_ids, issuable.project.labels.all, :id, :name,
+ { selected: issuable.label_ids }, multiple: true, class: 'select2'
- else
.prepend-top-10
- %span.light No open milestones available.
+ %span.light No labels yet.
&nbsp;
- - if can? current_user, :admin_milestone, issuable.project
- = link_to 'Create new milestone', new_namespace_project_milestone_path(issuable.project.namespace, issuable.project), target: :blank
-.form-group
- = f.label :label_ids, class: 'control-label' do
- %i.fa.fa-tag
- Labels
- .col-sm-10
- - if issuable.project.labels.any?
- = f.collection_select :label_ids, issuable.project.labels.all, :id, :name,
- { selected: issuable.label_ids }, multiple: true, class: 'select2'
- - else
- .prepend-top-10
- %span.light No labels yet.
- &nbsp;
- - if can? current_user, :admin_label, issuable.project
- = link_to 'Create new label', new_namespace_project_label_path(issuable.project.namespace, issuable.project), target: :blank
+ - if can? current_user, :admin_label, issuable.project
+ = link_to 'Create new label', new_namespace_project_label_path(issuable.project.namespace, issuable.project), target: :blank
- if issuable.is_a?(MergeRequest)
%hr