diff options
author | Douwe Maan <douwe@gitlab.com> | 2016-01-14 10:36:39 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2016-01-14 10:36:39 +0000 |
commit | 9f8c38bdac3d6f532b50ecab1d769652ffb5acc3 (patch) | |
tree | 4ed39c5ad4d840d3852836efafbd1dd6b59ee50b /app/models | |
parent | 54734fa6132de6ba2430cba6b279723d1aec8c19 (diff) | |
parent | e918493f55eb27cdb779f0bc2d8cbbace8b69aa9 (diff) | |
download | gitlab-ce-9f8c38bdac3d6f532b50ecab1d769652ffb5acc3.tar.gz |
Merge branch 'fix/private-references' into 'master'
Show referenced MRs & Issues only when the current viewer can access them
This addresses both issues identified in #6066.
## The private MR by user `remy2` with a note referencing to a public issue
![Screen_Shot_2016-01-12_at_16.45.02](/uploads/c245ec2c1fdea1f9ba05183c24e142d9/Screen_Shot_2016-01-12_at_16.45.02.png)
---
## The public issue viewed by user `remy` **who doesn't have access to `remy2/private-project`** before the fix
![Screen_Shot_2016-01-12_at_18.14.50](/uploads/8db5580e803f5bddd6cb935233c579a0/Screen_Shot_2016-01-12_at_18.14.50.png)
---
## The public issue viewed by user `remy` **who doesn't have access to `remy2/private-project`** with the fix
![Screen_Shot_2016-01-13_at_12.02.32](/uploads/cb199f7b78191fba486a11412412e307/Screen_Shot_2016-01-13_at_12.02.32.png)
---
## The public issue viewed by user `remy2` with the fix (no change)
![Screen_Shot_2016-01-13_at_11.54.06](/uploads/ddece590d69f597a95559beddcd36660/Screen_Shot_2016-01-13_at_11.54.06.png)
See merge request !2405
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/issue.rb | 4 | ||||
-rw-r--r-- | app/models/note.rb | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb index f52e47f3e62..7beba984608 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -85,10 +85,10 @@ class Issue < ActiveRecord::Base reference end - def referenced_merge_requests + def referenced_merge_requests(current_user = nil) Gitlab::ReferenceExtractor.lazily do [self, *notes].flat_map do |note| - note.all_references.merge_requests + note.all_references(current_user).merge_requests end end.sort_by(&:iid) end diff --git a/app/models/note.rb b/app/models/note.rb index 3d5b663c99f..3e1375e5ad6 100644 --- a/app/models/note.rb +++ b/app/models/note.rb @@ -358,6 +358,10 @@ class Note < ActiveRecord::Base !system? && !is_award end + def cross_reference_not_visible_for?(user) + cross_reference? && referenced_mentionables(user).empty? + end + # Checks if note is an award added as a comment # # If note is an award, this method sets is_award to true |