diff options
| author | Douwe Maan <douwe@gitlab.com> | 2016-03-18 12:04:56 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2016-03-18 12:04:56 +0000 |
| commit | 9813eac56ba6120ef046b5dddba6fd72ce1933a6 (patch) | |
| tree | aa1b50b0d80253dfca7746312db0ed46e593448a /app/controllers | |
| parent | 726f1efdb767407acf461a6811b396bfa5f0df35 (diff) | |
| parent | 5ed7e2cfd5de7c1db0374594428895e84e98321e (diff) | |
| download | gitlab-ce-9813eac56ba6120ef046b5dddba6fd72ce1933a6.tar.gz | |
Merge branch 'confidential-issues' into 'master'
Add confidential issues
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/3678
More information: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/227
See merge request !3282
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/projects/issues_controller.rb | 8 | ||||
| -rw-r--r-- | app/controllers/projects_controller.rb | 2 |
2 files changed, 7 insertions, 3 deletions
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb index aa7a178dcf4..6603f28a082 100644 --- a/app/controllers/projects/issues_controller.rb +++ b/app/controllers/projects/issues_controller.rb @@ -5,7 +5,7 @@ class Projects::IssuesController < Projects::ApplicationController before_action :issue, only: [:edit, :update, :show] # Allow read any issue - before_action :authorize_read_issue! + before_action :authorize_read_issue!, only: [:show] # Allow write(create) issue before_action :authorize_create_issue!, only: [:new, :create] @@ -128,6 +128,10 @@ class Projects::IssuesController < Projects::ApplicationController end alias_method :subscribable_resource, :issue + def authorize_read_issue! + return render_404 unless can?(current_user, :read_issue, @issue) + end + def authorize_update_issue! return render_404 unless can?(current_user, :update_issue, @issue) end @@ -158,7 +162,7 @@ class Projects::IssuesController < Projects::ApplicationController def issue_params params.require(:issue).permit( - :title, :assignee_id, :position, :description, + :title, :assignee_id, :position, :description, :confidential, :milestone_id, :state_event, :task_num, label_ids: [] ) end diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 36f37221c58..c9930480770 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -134,7 +134,7 @@ class ProjectsController < ApplicationController def autocomplete_sources note_type = params['type'] note_id = params['type_id'] - autocomplete = ::Projects::AutocompleteService.new(@project) + autocomplete = ::Projects::AutocompleteService.new(@project, current_user) participants = ::Projects::ParticipantsService.new(@project, current_user).execute(note_type, note_id) @suggestions = { |