short-circuit if there is no policy, and add :read_project check

author: http://jneen.net/ <jneen@jneen.net> 2017-08-01 10:42:54 -0700
committer: http://jneen.net/ <jneen@jneen.net> 2017-08-03 09:07:18 -0700
commit: c2dd4239c939e003dfe569196ec2d39e2478606e (patch)
tree: 05fa09b5d0f6324add395e5c5bf768c619d308a8 /app/models
parent: 488e8e79dd85e973e1b562fe0320f69b2bedec06 (diff)
download: gitlab-ce-c2dd4239c939e003dfe569196ec2d39e2478606e.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/app/models/notification_recipient.rb b/app/models/notification_recipient.rb
index 28ac22da6e2..837b62ec0cb 100644
--- a/app/models/notification_recipient.rb
+++ b/app/models/notification_recipient.rb
@@ -76,10 +76,13 @@ class NotificationRecipient
   end
 
   def has_access?
-    return false unless user.can?(:receive_notifications)
-    return true unless @read_ability
-
     DeclarativePolicy.subject_scope do
+      return false unless user.can?(:receive_notifications)
+      return false if @project && !user.can?(:read_project, @project)
+
+      return true unless @read_ability
+      return true unless DeclarativePolicy.has_policy?(@target)
+
       user.can?(@read_ability, @target)
     end
   end
author	http://jneen.net/ <jneen@jneen.net>	2017-08-01 10:42:54 -0700
committer	http://jneen.net/ <jneen@jneen.net>	2017-08-03 09:07:18 -0700
commit	c2dd4239c939e003dfe569196ec2d39e2478606e (patch)
tree	05fa09b5d0f6324add395e5c5bf768c619d308a8 /app/models
parent	488e8e79dd85e973e1b562fe0320f69b2bedec06 (diff)
download	gitlab-ce-c2dd4239c939e003dfe569196ec2d39e2478606e.tar.gz