diff options
author | Robert Speicher <robert@gitlab.com> | 2016-11-04 14:15:43 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-11-09 12:27:41 +0100 |
commit | b0088b527eacd16773a85ad8f88e49de7c646cf1 (patch) | |
tree | 58a72d4b3248b2d6d21214d96434bb1a398c5503 /app/models/event.rb | |
parent | b0bf92140f469db90ef378fd42a6f65eee1d4633 (diff) | |
download | gitlab-ce-b0088b527eacd16773a85ad8f88e49de7c646cf1.tar.gz |
Merge branch '23403-fix-events-for-private-project-features' into 'security'
Respect project visibility settings in the contributions calendar
This MR fixes a number of bugs relating to access controls and date selection of events for the contributions calendar
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23403
See merge request !2019
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'app/models/event.rb')
-rw-r--r-- | app/models/event.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/app/models/event.rb b/app/models/event.rb index 43e67069b70..c76d88b1c7b 100644 --- a/app/models/event.rb +++ b/app/models/event.rb @@ -49,6 +49,7 @@ class Event < ActiveRecord::Base update_all(updated_at: Time.now) end + # Update Gitlab::ContributionsCalendar#activity_dates if this changes def contributions where("action = ? OR (target_type in (?) AND action in (?))", Event::PUSHED, ["MergeRequest", "Issue"], @@ -62,7 +63,7 @@ class Event < ActiveRecord::Base def visible_to_user?(user = nil) if push? - true + Ability.allowed?(user, :download_code, project) elsif membership_changed? true elsif created_project? |