Merge branch 'fix/private-references' into 'master'

Show referenced MRs & Issues only when the current viewer can access them This addresses both issues identified in #6066. ## The private MR by user `remy2` with a note referencing to a public issue ![Screen_Shot_2016-01-12_at_16.45.02](/uploads/c245ec2c1fdea1f9ba05183c24e142d9/Screen_Shot_2016-01-12_at_16.45.02.png) --- ## The public issue viewed by user `remy` **who doesn't have access to `remy2/private-project`** before the fix ![Screen_Shot_2016-01-12_at_18.14.50](/uploads/8db5580e803f5bddd6cb935233c579a0/Screen_Shot_2016-01-12_at_18.14.50.png) --- ## The public issue viewed by user `remy` **who doesn't have access to `remy2/private-project`** with the fix ![Screen_Shot_2016-01-13_at_12.02.32](/uploads/cb199f7b78191fba486a11412412e307/Screen_Shot_2016-01-13_at_12.02.32.png) --- ## The public issue viewed by user `remy2` with the fix (no change) ![Screen_Shot_2016-01-13_at_11.54.06](/uploads/ddece590d69f597a95559beddcd36660/Screen_Shot_2016-01-13_at_11.54.06.png) See merge request !2405
author: Douwe Maan <douwe@gitlab.com> 2016-01-14 10:36:39 +0000
committer: Douwe Maan <douwe@gitlab.com> 2016-01-14 10:36:39 +0000
commit: 9f8c38bdac3d6f532b50ecab1d769652ffb5acc3 (patch)
tree: 4ed39c5ad4d840d3852836efafbd1dd6b59ee50b /app/models
parent: 54734fa6132de6ba2430cba6b279723d1aec8c19 (diff)
parent: e918493f55eb27cdb779f0bc2d8cbbace8b69aa9 (diff)
download: gitlab-ce-9f8c38bdac3d6f532b50ecab1d769652ffb5acc3.tar.gz
2 files changed, 6 insertions, 2 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb
index f52e47f3e62..7beba984608 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -85,10 +85,10 @@ class Issue < ActiveRecord::Base
     reference
   end
 
-  def referenced_merge_requests
+  def referenced_merge_requests(current_user = nil)
     Gitlab::ReferenceExtractor.lazily do
       [self, *notes].flat_map do |note|
-        note.all_references.merge_requests
+        note.all_references(current_user).merge_requests
       end
     end.sort_by(&:iid)
   end
diff --git a/app/models/note.rb b/app/models/note.rb
index 3d5b663c99f..3e1375e5ad6 100644
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -358,6 +358,10 @@ class Note < ActiveRecord::Base
     !system? && !is_award
   end
 
+  def cross_reference_not_visible_for?(user)
+    cross_reference? && referenced_mentionables(user).empty?
+  end
+
   # Checks if note is an award added as a comment
   #
   # If note is an award, this method sets is_award to true
author	Douwe Maan <douwe@gitlab.com>	2016-01-14 10:36:39 +0000
committer	Douwe Maan <douwe@gitlab.com>	2016-01-14 10:36:39 +0000
commit	9f8c38bdac3d6f532b50ecab1d769652ffb5acc3 (patch)
tree	4ed39c5ad4d840d3852836efafbd1dd6b59ee50b /app/models
parent	54734fa6132de6ba2430cba6b279723d1aec8c19 (diff)
parent	e918493f55eb27cdb779f0bc2d8cbbace8b69aa9 (diff)
download	gitlab-ce-9f8c38bdac3d6f532b50ecab1d769652ffb5acc3.tar.gz