Merge remote-tracking branch 'gitlab.com/master' into scheduled-manual-jobs-environment-play-buttons

author: Winnie Hellmann <winnie@gitlab.com> 2018-10-09 19:38:35 +0200
committer: Winnie Hellmann <winnie@gitlab.com> 2018-10-09 19:38:35 +0200
commit: 23e81130fb53e7c961a225e6235f5ae8a36ed595 (patch)
tree: 1f482f3045137be04207142e33e0f88a915553e6 /app/finders/issues_finder.rb
parent: c12a78969315a8e25128653df2a7515861010b12 (diff)
parent: ca440758be33c8bec937a249db9b18b3c9734df9 (diff)
download: gitlab-ce-23e81130fb53e7c961a225e6235f5ae8a36ed595.tar.gz
1 files changed, 7 insertions, 3 deletions
diff --git a/app/finders/issues_finder.rb b/app/finders/issues_finder.rb
index 770e0bfe1a3..abdc47b9866 100644
--- a/app/finders/issues_finder.rb
+++ b/app/finders/issues_finder.rb
@@ -120,9 +120,13 @@ class IssuesFinder < IssuableFinder
     return @user_can_see_all_confidential_issues = true if current_user.full_private_access?
 
     @user_can_see_all_confidential_issues =
-      project? &&
-      project &&
-      project.team.max_member_access(current_user.id) >= CONFIDENTIAL_ACCESS_LEVEL
+      if project? && project
+        project.team.max_member_access(current_user.id) >= CONFIDENTIAL_ACCESS_LEVEL
+      elsif group
+        group.max_member_access_for_user(current_user) >= CONFIDENTIAL_ACCESS_LEVEL
+      else
+        false
+      end
   end
 
   def user_cannot_see_confidential_issues?
author	Winnie Hellmann <winnie@gitlab.com>	2018-10-09 19:38:35 +0200
committer	Winnie Hellmann <winnie@gitlab.com>	2018-10-09 19:38:35 +0200
commit	23e81130fb53e7c961a225e6235f5ae8a36ed595 (patch)
tree	1f482f3045137be04207142e33e0f88a915553e6 /app/finders/issues_finder.rb
parent	c12a78969315a8e25128653df2a7515861010b12 (diff)
parent	ca440758be33c8bec937a249db9b18b3c9734df9 (diff)
download	gitlab-ce-23e81130fb53e7c961a225e6235f5ae8a36ed595.tar.gz