author | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-03-17 16:38:51 -0300 |
---|---|---|
committer | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-03-17 20:55:38 -0300 |
commit | 34ee75379cf8e6459b8926fbf956a8316f87eea7 (patch) | |
tree | 3e6baf1c719f061d3875a24c2cd0e799f2897f04 /app/models/issue.rb | |
parent | 6b86d3fb800bb551af4a446b87dfd64c963733a3 (diff) | |
download | gitlab-ce-34ee75379cf8e6459b8926fbf956a8316f87eea7.tar.gz |
Restrict access to confidential issues
Diffstat (limited to 'app/models/issue.rb')
-rw-r--r-- | app/models/issue.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 2447f860c5a..053387cffd7 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -58,6 +58,13 @@ class Issue < ActiveRecord::Base
 attributes
 end
 
+ def self.visible_to_user(user)
+ return where(confidential: false) if user.blank?
+ return all if user.admin?
+
+ where('issues.confidential = false OR (issues.confidential = true AND (issues.author_id = :user_id OR issues.assignee_id = :user_id OR issues.project_id IN(:project_ids)))', user_id: user.id, project_ids: user.authorized_projects.select(:id))
+ end
+
 def self.reference_prefix
 '#'
 end |
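Review bot: `visible_to_user` is an opt-in scope, so the restriction holds only on code paths that chain it. Nothing in this hunk makes it the default, and any finder, search, API or reference lookup that still starts from `Issue.all` or `project.issues` would keep returning confidential issues. This page shows only app/models/issue.rb, so those callers cannot be checked here. The membership branch `issues.project_id IN(:project_ids)` accepts every project in `user.authorized_projects` regardless of access level, which presumably includes the lowest membership tier. If that is intended, state the rule above the method, e.g. `# Confidential issues are visible to admins, the author, the assignee and members of the issue's project.` Loading a single issue by id is not covered by a collection scope and needs its own ability check.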