diff options
author | John T Skarbek <jskarbek@gitlab.com> | 2019-08-14 14:11:04 -0400 |
---|---|---|
committer | John T Skarbek <jskarbek@gitlab.com> | 2019-08-14 14:11:04 -0400 |
commit | 2b2efbc609a85093238ee3bec94358670021d0e5 (patch) | |
tree | 671ff737363c10b61e4a970e1c108319cc07e37d /app/models | |
parent | affa81eb79ec0ca01a1a0c2733cc5cdffb3b9ff1 (diff) | |
parent | 7b52cff4896c8f681aea34fb273209400cf3e06e (diff) | |
download | gitlab-ce-2b2efbc609a85093238ee3bec94358670021d0e5.tar.gz |
Merge remote-tracking branch 'dev/security-2873-restrict-slash-commands-to-users-who-can-log-in'
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/project_services/slash_commands_service.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/app/models/project_services/slash_commands_service.rb b/app/models/project_services/slash_commands_service.rb index 5f5cff97808..cb16ad75d14 100644 --- a/app/models/project_services/slash_commands_service.rb +++ b/app/models/project_services/slash_commands_service.rb @@ -35,6 +35,8 @@ class SlashCommandsService < Service chat_user = find_chat_user(params) if chat_user&.user + return Gitlab::SlashCommands::Presenters::Access.new.access_denied unless chat_user.user.can?(:use_slash_commands) + Gitlab::SlashCommands::Command.new(project, chat_user, params).execute else url = authorize_chat_name_url(params) |