diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-03-04 18:37:15 +0000 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-03-04 18:37:15 +0000 |
commit | 025015048f7eaad29ee7816c6040fb3e0c06eb8d (patch) | |
tree | 50d713b293ffd0dee44b715dd9c12621810f8fa5 /app/models/concerns/issuable.rb | |
parent | 6683298fe6d85bb0785906723663482798418907 (diff) | |
parent | 30ab6ee416783cd9481085f021603383eeb4f317 (diff) | |
download | gitlab-ce-025015048f7eaad29ee7816c6040fb3e0c06eb8d.tar.gz |
Merge branch 'security-2773-milestones-fix' into 'master'
[master] Check issue milestone availability
See merge request gitlab/gitlabhq!2788
Diffstat (limited to 'app/models/concerns/issuable.rb')
-rw-r--r-- | app/models/concerns/issuable.rb | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb index 429a63f83cc..4182db6fcc7 100644 --- a/app/models/concerns/issuable.rb +++ b/app/models/concerns/issuable.rb @@ -75,6 +75,7 @@ module Issuable validates :author, presence: true validates :title, presence: true, length: { maximum: 255 } + validate :milestone_is_valid scope :authored, ->(user) { where(author_id: user) } scope :recent, -> { reorder(id: :desc) } @@ -118,6 +119,16 @@ module Issuable def has_multiple_assignees? assignees.count > 1 end + + def milestone_available? + project_id == milestone&.project_id || project.ancestors_upto.compact.include?(milestone&.group) + end + + private + + def milestone_is_valid + errors.add(:milestone_id, message: "is invalid") if milestone_id.present? && !milestone_available? + end end class_methods do |