Project members with guest role can't access confidential issues

author: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-06-06 16:13:31 -0300
committer: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-06-13 19:32:00 -0300
commit: b56c45675019baaaf47615d51c08d5caa0734ad3 (patch)
tree: b933c21ab49a745a6839aa1127c237ffe7a3a3fb /app/models/ability.rb
parent: af8500f43010f42176b2ec1814f0fe7248258b05 (diff)
download: gitlab-ce-b56c45675019baaaf47615d51c08d5caa0734ad3.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 44515550d9e..aea946f9224 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -533,7 +533,7 @@ class Ability
     def filter_confidential_issues_abilities(user, issue, rules)
       return rules if user.admin? || !issue.confidential?
 
-      unless issue.author == user || issue.assignee == user || issue.project.team.member?(user.id)
+      unless issue.author == user || issue.assignee == user || issue.project.team.member?(user, Gitlab::Access::REPORTER)
         rules.delete(:admin_issue)
         rules.delete(:read_issue)
         rules.delete(:update_issue)
author	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-06-06 16:13:31 -0300
committer	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-06-13 19:32:00 -0300
commit	b56c45675019baaaf47615d51c08d5caa0734ad3 (patch)
tree	b933c21ab49a745a6839aa1127c237ffe7a3a3fb /app/models/ability.rb
parent	af8500f43010f42176b2ec1814f0fe7248258b05 (diff)
download	gitlab-ce-b56c45675019baaaf47615d51c08d5caa0734ad3.tar.gz