diff options
| author | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-03-17 18:03:10 -0300 |
|---|---|---|
| committer | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-03-17 20:56:00 -0300 |
| commit | 9222459ea36ce7bfafdf76742a5a44db7957db8d (patch) | |
| tree | 669fe46666545d837a79280a8c2fcc955175a56e /app/models/event.rb | |
| parent | 7d403ec46ffd5778a68eebb9117e08f605938b15 (diff) | |
| download | gitlab-ce-9222459ea36ce7bfafdf76742a5a44db7957db8d.tar.gz | |
Restrict access to confidential issues on activity feed
Diffstat (limited to 'app/models/event.rb')
| -rw-r--r-- | app/models/event.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/app/models/event.rb b/app/models/event.rb index 9a0bbf50f8b..a5cfeaf388e 100644 --- a/app/models/event.rb +++ b/app/models/event.rb @@ -73,15 +73,17 @@ class Event < ActiveRecord::Base end end - def proper? + def proper?(user = nil) if push? true elsif membership_changed? true elsif created_project? true + elsif issue? + Ability.abilities.allowed?(user, :read_issue, issue) else - ((issue? || merge_request? || note?) && target) || milestone? + ((merge_request? || note?) && target) || milestone? end end |