diff options
author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-01-25 15:51:45 +0200 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-01-25 15:51:45 +0200 |
commit | 6350b32a3dddf70a28526c4f95c652072411e9c7 (patch) | |
tree | 96c996a2f63f9fede4c5b2b081fd3acedb1049f5 /app/models | |
parent | 3ddd9f753c0a6a57313ea4860bf7167f98f53cd2 (diff) | |
download | gitlab-ce-6350b32a3dddf70a28526c4f95c652072411e9c7.tar.gz |
Fix security issues with teams
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/user.rb | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 7a0d66453f8..29f262968d5 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -295,4 +295,15 @@ class User < ActiveRecord::Base def namespace_id namespace.try :id end + + def authorized_teams + @authorized_teams ||= begin + ids = [] + ids << UserTeam.with_member(self).pluck('user_teams.id') + ids << UserTeam.created_by(self).pluck('user_teams.id') + ids.flatten + + UserTeam.where(id: ids) + end + end end |