Merge branch '23403-fix-events-for-private-project-features' into 'security'

Respect project visibility settings in the contributions calendar This MR fixes a number of bugs relating to access controls and date selection of events for the contributions calendar Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23403 See merge request !2019 Signed-off-by: Rémy Coutable <remy@rymai.me>
author: Robert Speicher <robert@gitlab.com> 2016-11-04 14:15:43 +0000
committer: Rémy Coutable <remy@rymai.me> 2016-11-09 12:27:41 +0100
commit: b0088b527eacd16773a85ad8f88e49de7c646cf1 (patch)
tree: 58a72d4b3248b2d6d21214d96434bb1a398c5503 /app/models/event.rb
parent: b0bf92140f469db90ef378fd42a6f65eee1d4633 (diff)
download: gitlab-ce-b0088b527eacd16773a85ad8f88e49de7c646cf1.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/app/models/event.rb b/app/models/event.rb
index 43e67069b70..c76d88b1c7b 100644
--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -49,6 +49,7 @@ class Event < ActiveRecord::Base
         update_all(updated_at: Time.now)
     end
 
+    # Update Gitlab::ContributionsCalendar#activity_dates if this changes
     def contributions
       where("action = ? OR (target_type in (?) AND action in (?))",
             Event::PUSHED, ["MergeRequest", "Issue"],
@@ -62,7 +63,7 @@ class Event < ActiveRecord::Base
 
   def visible_to_user?(user = nil)
     if push?
-      true
+      Ability.allowed?(user, :download_code, project)
     elsif membership_changed?
       true
     elsif created_project?
author	Robert Speicher <robert@gitlab.com>	2016-11-04 14:15:43 +0000
committer	Rémy Coutable <remy@rymai.me>	2016-11-09 12:27:41 +0100
commit	b0088b527eacd16773a85ad8f88e49de7c646cf1 (patch)
tree	58a72d4b3248b2d6d21214d96434bb1a398c5503 /app/models/event.rb
parent	b0bf92140f469db90ef378fd42a6f65eee1d4633 (diff)
download	gitlab-ce-b0088b527eacd16773a85ad8f88e49de7c646cf1.tar.gz