summaryrefslogtreecommitdiff
path: root/app/mailers
diff options
context:
space:
mode:
authorDmitriy Zaporozhets <dzaporozhets@gitlab.com>2015-04-13 14:10:25 +0000
committerDmitriy Zaporozhets <dzaporozhets@gitlab.com>2015-04-13 14:10:25 +0000
commitecb58dacd614de66c00c8df673abb96fafa5d452 (patch)
tree9ed48d7b39bdc67b841b58e33d40e3a4231ab207 /app/mailers
parent8cf1a6f0a3b58b299e1c63283400c05209270dc2 (diff)
parent16e1076e6f69626e1d8bf53f52dc67baee9fb51e (diff)
downloadgitlab-ce-ecb58dacd614de66c00c8df673abb96fafa5d452.tar.gz
Merge branch 'reference-access-control' into 'master'
Only allow users to reference groups, projects, issues, MRs, commits they have access to. Addresses https://dev.gitlab.org/gitlab/gitlabhq/issues/2183. See merge request !1742
Diffstat (limited to 'app/mailers')
-rw-r--r--app/mailers/emails/groups.rb1
-rw-r--r--app/mailers/emails/profile.rb6
-rw-r--r--app/mailers/emails/projects.rb5
-rw-r--r--app/mailers/notify.rb12
4 files changed, 16 insertions, 8 deletions
diff --git a/app/mailers/emails/groups.rb b/app/mailers/emails/groups.rb
index 26f43bf955e..626eb593d51 100644
--- a/app/mailers/emails/groups.rb
+++ b/app/mailers/emails/groups.rb
@@ -4,6 +4,7 @@ module Emails
@group_member = GroupMember.find(group_member_id)
@group = @group_member.group
@target_url = group_url(@group)
+ @current_user = @group_member.user
mail(to: @group_member.user.email,
subject: subject("Access to group was granted"))
end
diff --git a/app/mailers/emails/profile.rb b/app/mailers/emails/profile.rb
index ab5b0765352..3a83b083109 100644
--- a/app/mailers/emails/profile.rb
+++ b/app/mailers/emails/profile.rb
@@ -1,7 +1,7 @@
module Emails
module Profile
def new_user_email(user_id, token = nil)
- @user = User.find(user_id)
+ @current_user = @user = User.find(user_id)
@target_url = user_url(@user)
@token = token
mail(to: @user.notification_email, subject: subject("Account was created for you"))
@@ -9,13 +9,13 @@ module Emails
def new_email_email(email_id)
@email = Email.find(email_id)
- @user = @email.user
+ @current_user = @user = @email.user
mail(to: @user.notification_email, subject: subject("Email was added to your account"))
end
def new_ssh_key_email(key_id)
@key = Key.find(key_id)
- @user = @key.user
+ @current_user = @user = @key.user
@target_url = user_url(@user)
mail(to: @user.notification_email, subject: subject("SSH key was added to your account"))
end
diff --git a/app/mailers/emails/projects.rb b/app/mailers/emails/projects.rb
index 3cd812825e2..20a863c3742 100644
--- a/app/mailers/emails/projects.rb
+++ b/app/mailers/emails/projects.rb
@@ -4,12 +4,13 @@ module Emails
@project_member = ProjectMember.find user_project_id
@project = @project_member.project
@target_url = namespace_project_url(@project.namespace, @project)
+ @current_user = @project_member.user
mail(to: @project_member.user.email,
subject: subject("Access to project was granted"))
end
def project_was_moved_email(project_id, user_id)
- @user = User.find user_id
+ @current_user = @user = User.find user_id
@project = Project.find project_id
@target_url = namespace_project_url(@project.namespace, @project)
mail(to: @user.notification_email,
@@ -28,7 +29,7 @@ module Emails
end
@project = Project.find(project_id)
- @author = User.find(author_id)
+ @current_user = @author = User.find(author_id)
@reverse_compare = reverse_compare
@compare = compare
@ref_name = Gitlab::Git.ref_name(ref)
diff --git a/app/mailers/notify.rb b/app/mailers/notify.rb
index 0c186ab5866..7c8b37029d1 100644
--- a/app/mailers/notify.rb
+++ b/app/mailers/notify.rb
@@ -13,6 +13,9 @@ class Notify < ActionMailer::Base
add_template_helper MergeRequestsHelper
add_template_helper EmailsHelper
+ attr_accessor :current_user
+ helper_method :current_user, :can?
+
default_url_options[:host] = Gitlab.config.gitlab.host
default_url_options[:protocol] = Gitlab.config.gitlab.protocol
default_url_options[:port] = Gitlab.config.gitlab.port unless Gitlab.config.gitlab_on_standard_port?
@@ -79,9 +82,8 @@ class Notify < ActionMailer::Base
#
# Returns a String containing the User's email address.
def recipient(recipient_id)
- if recipient = User.find(recipient_id)
- recipient.notification_email
- end
+ @current_user = User.find(recipient_id)
+ @current_user.notification_email
end
# Set the References header field
@@ -154,4 +156,8 @@ class Notify < ActionMailer::Base
mail(headers, &block)
end
+
+ def can?
+ Ability.abilities.allowed?(user, action, subject)
+ end
end