authorDouwe Maan <douwe@gitlab.com>2015-05-15 12:45:45 +0200
committerDouwe Maan <douwe@gitlab.com>2015-05-15 12:46:52 +0200
commit0b7c4fe0482cbbc480ff363f2037d70fe52125ee (patch)
treed50877b1f7a097070ac94b718b7b0ffacd8cae4b
parentfb86ec519c2a9928e207b2d4363cb4d7f1705cba (diff)
downloadgitlab-ce-0b7c4fe0482cbbc480ff363f2037d70fe52125ee.tar.gz
Don't include users without project access in participants.
-rw-r--r--CHANGELOG2
-rw-r--r--app/models/concerns/participable.rb20
2 files changed, 15 insertions, 7 deletions
diff --git a/CHANGELOG b/CHANGELOG
index f92f486064f..3dfa92f3282 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -44,7 +44,7 @@ v 7.11.0 (unreleased)
- Fix bug where avatar filenames were not actually deleted from the database during removal (Stan Hu)
- Fix bug where Slack service channel was not saved in admin template settings. (Stan Hu)
- Protect OmniAuth request phase against CSRF.
- -
+ - Don't send notifications to mentioned users that don't have access to the project in question.
-
- Move snippets UI to fluid layout
- Improve UI for sidebar. Increase separation between navigation and content
diff --git a/app/models/concerns/participable.rb b/app/models/concerns/participable.rb
index a4832204f7b..9f667f47e0d 100644
--- a/app/models/concerns/participable.rb
+++ b/app/models/concerns/participable.rb
@@ -35,8 +35,8 @@ module Participable
end
end
- def participants(current_user = self.author)
- self.class.participant_attrs.flat_map do |attr|
+ def participants(current_user = self.author, project = self.project)
+ participants = self.class.participant_attrs.flat_map do |attr|
meth = method(attr)
value =
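Review bot: The new default `project = self.project` in the `participants` signature is evaluated on the receiver whenever the argument is omitted, so every class that includes `Participable` must respond to `project`; one that does not would raise `NoMethodError` on a plain `participants` call. Whether all includers define it is not visible in this diff, so it is worth confirming, or guarding with `project = (self.project if respond_to?(:project))`. A one-line comment on the method saying that `project` is the project whose `:read_project` ability gates the returned users would also help callers. The method body continues past this hunk.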
@@ -46,20 +46,28 @@ module Participable
meth.call
end
- participants_for(value, current_user)
+ participants_for(value, current_user, project)
end.compact.uniq
+
+ if project
+ participants.select! do |user|
+ user.can?(:read_project, project)
+ end
+ end
+
+ participants
end
private
- def participants_for(value, current_user = nil)
+ def participants_for(value, current_user = nil, project = nil)
case value
when User
[value]
when Enumerable, ActiveRecord::Relation
- value.flat_map { |v| participants_for(v, current_user) }
+ value.flat_map { |v| participants_for(v, current_user, project) }
when Participable
- value.participants(current_user)
+ value.participants(current_user, project)
end
end
end
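Review bot: The access filter added after `flat_map` only runs `if project`, so when the record has no project (or a caller passes `nil`) every mentioned user is returned unfiltered, meaning the check fails open. If that is intended for project-less records, state it above the guard, e.g. `# No project means there is nothing to check access against; participants are returned unfiltered.`, and cover the case with a spec; otherwise decide explicitly what the project-less result should be. The ability checked is the project-level `:read_project`, so a user who can read the project but not this particular record would presumably still pass; object-level abilities are not visible here. Because `participants_for` forwards `project` into the nested `value.participants(current_user, project)`, the same `can?` check is repeated at every nesting level, and filtering once at the outermost call would give the same result.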