Add access checks for diff note and discussion resolution

author: Douwe Maan <douwe@selenight.nl> 2016-07-25 22:40:44 -0600
committer: Douwe Maan <douwe@selenight.nl> 2016-07-25 22:40:44 -0600
commit: ed6c8238f3524feeab187b607362806ed1c666ad (patch)
tree: 670a3a811e2a65e97d86839c14bb62098730d8a6 /app/models/discussion.rb
parent: bbab5d014f10914b1e5d7a73dc0e85ea57344979 (diff)
download: gitlab-ce-ed6c8238f3524feeab187b607362806ed1c666ad.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/app/models/discussion.rb b/app/models/discussion.rb
index 64116d225ae..cc586933112 100644
--- a/app/models/discussion.rb
+++ b/app/models/discussion.rb
@@ -63,6 +63,14 @@ class Discussion
     notes.any?(&:to_be_resolved?)
   end
 
+  def can_resolve?(current_user)
+    return false unless current_user
+    return false unless resolvable?
+
+    current_user == self.noteable.author ||
+      can?(current_user, :push_code, self.project)
+  end
+
   def resolve!(current_user)
     notes.each do |note|
       note.resolve!(current_user) if note.resolvable?
author	Douwe Maan <douwe@selenight.nl>	2016-07-25 22:40:44 -0600
committer	Douwe Maan <douwe@selenight.nl>	2016-07-25 22:40:44 -0600
commit	ed6c8238f3524feeab187b607362806ed1c666ad (patch)
tree	670a3a811e2a65e97d86839c14bb62098730d8a6 /app/models/discussion.rb
parent	bbab5d014f10914b1e5d7a73dc0e85ea57344979 (diff)
download	gitlab-ce-ed6c8238f3524feeab187b607362806ed1c666ad.tar.gz