Check if user can `update_issue` on project

If user can update an issue under the specified confidential issue project, should be able to find the project.
author: Patrick Bajao <ebajao@gitlab.com> 2019-07-01 16:23:23 +0800
committer: Patrick Bajao <ebajao@gitlab.com> 2019-07-01 16:23:26 +0800
commit: 6b68acbfe9db1d3c855d7505817ebca62e3a61c1 (patch)
tree: bdb3381fc5eb948a56de460a0335121afb871056
parent: 1ca5520bd6f3447ada3a1120d2a3bd445ab6746a (diff)
download: gitlab-ce-6b68acbfe9db1d3c855d7505817ebca62e3a61c1.tar.gz
2 files changed, 4 insertions, 4 deletions
diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index b3dfafb7b87..5e50801eb23 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -170,7 +170,7 @@ class Projects::BranchesController < Projects::ApplicationController
 
     confidential_issue_project = Project.find(params[:confidential_issue_project_id])
 
-    return unless can?(current_user, :push_code, confidential_issue_project)
+    return unless can?(current_user, :update_issue, confidential_issue_project)
 
     confidential_issue_project
   end
diff --git a/spec/controllers/projects/branches_controller_spec.rb b/spec/controllers/projects/branches_controller_spec.rb
index 712c3fa0ffe..dbc8681eb49 100644
--- a/spec/controllers/projects/branches_controller_spec.rb
+++ b/spec/controllers/projects/branches_controller_spec.rb
@@ -124,7 +124,7 @@ describe Projects::BranchesController do
             stub_feature_flags(create_confidential_merge_request: true)
           end
 
-          context 'user cannot push code to issue project' do
+          context 'user cannot update issue' do
             let(:issue) { create(:issue, project: confidential_issue_project) }
 
             it 'does not post a system note' do
@@ -134,9 +134,9 @@ describe Projects::BranchesController do
             end
           end
 
-          context 'user can push code to issue project' do
+          context 'user can update issue' do
             before do
-              confidential_issue_project.add_developer(user)
+              confidential_issue_project.add_reporter(user)
             end
 
             context 'issue is under the specified project' do
author	Patrick Bajao <ebajao@gitlab.com>	2019-07-01 16:23:23 +0800
committer	Patrick Bajao <ebajao@gitlab.com>	2019-07-01 16:23:26 +0800
commit	6b68acbfe9db1d3c855d7505817ebca62e3a61c1 (patch)
tree	bdb3381fc5eb948a56de460a0335121afb871056
parent	1ca5520bd6f3447ada3a1120d2a3bd445ab6746a (diff)
download	gitlab-ce-6b68acbfe9db1d3c855d7505817ebca62e3a61c1.tar.gz