Delete confidential issue todos for guests

Fix leaking information of confidential issues on TODOs when user is downgraded to guest access.
author: Felipe Artur <felipefac@gmail.com> 2018-12-11 16:15:10 -0200
committer: Felipe Artur <felipefac@gmail.com> 2018-12-14 10:38:52 -0200
commit: 1653f7b1c68b2ea7da8df84ed459b9578e3dff8f (patch)
tree: 9e55514e5682aa8799469286265b3e51af84b003 /app/models/todo.rb
parent: cc7353523bc1d19054769d7a0a61b0cb7f6ce4e3 (diff)
download: gitlab-ce-1653f7b1c68b2ea7da8df84ed459b9578e3dff8f.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/app/models/todo.rb b/app/models/todo.rb
index 7b64615f699..d9b86d941b6 100644
--- a/app/models/todo.rb
+++ b/app/models/todo.rb
@@ -4,6 +4,11 @@ class Todo < ActiveRecord::Base
   include Sortable
   include FromUnion
 
+  # Time to wait for todos being removed when not visible for user anymore.
+  # Prevents TODOs being removed by mistake, for example, removing access from a user
+  # and giving it back again.
+  WAIT_FOR_DELETE    = 1.hour
+
   ASSIGNED           = 1
   MENTIONED          = 2
   BUILD_FAILED       = 3
author	Felipe Artur <felipefac@gmail.com>	2018-12-11 16:15:10 -0200
committer	Felipe Artur <felipefac@gmail.com>	2018-12-14 10:38:52 -0200
commit	1653f7b1c68b2ea7da8df84ed459b9578e3dff8f (patch)
tree	9e55514e5682aa8799469286265b3e51af84b003 /app/models/todo.rb
parent	cc7353523bc1d19054769d7a0a61b0cb7f6ce4e3 (diff)
download	gitlab-ce-1653f7b1c68b2ea7da8df84ed459b9578e3dff8f.tar.gz