authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2021-08-03 19:05:59 +0000
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2021-08-03 19:05:59 +0000
commita75a9a2364e2c397ac2c114129516c1cc9b1ecea (patch)
tree998c34c313877741aa4748cc87891d0aa2bf4bce /app/policies/todo_policy.rb
parentc8edb9de30c95e9e715a1e31e7667f94fb7f3dec (diff)
parent8c67b4991465e92dcd6752cc42e54a9c5cd9f0f2 (diff)
Merge remote-tracking branch 'dev/14-1-stable' into 14-1-stable
Diffstat (limited to 'app/policies/todo_policy.rb')
-rw-r--r--app/policies/todo_policy.rb7
1 files changed, 5 insertions, 2 deletions
diff --git a/app/policies/todo_policy.rb b/app/policies/todo_policy.rb
index d01a046c343..6237fbc50fa 100644
--- a/app/policies/todo_policy.rb
+++ b/app/policies/todo_policy.rb
@@ -5,7 +5,10 @@ class TodoPolicy < BasePolicy
condition(:own_todo) do
@user && @subject.user_id == @user.id
end
+ condition(:can_read_target) do
+ @user && @subject.target&.readable_by?(@user)
+ end
- rule { own_todo }.enable :read_todo
- rule { own_todo }.enable :update_todo
+ rule { own_todo & can_read_target }.enable :read_todo
+ rule { own_todo & can_read_target }.enable :update_todo
end
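Review bot: `can_read_target` fails closed when `@subject.target` is nil, because `&.` then yields nil, so a todo whose target has been deleted no longer grants its owner `read_todo` or `update_todo`. Denying read is the safe default, but gating `update_todo` on the same condition may leave the owner unable to mark such a todo as done, if dismissal is authorized through this policy (the callers are not visible in this hunk). The condition also assumes that every model which can be a todo target responds to `readable_by?`; a target type without it would raise instead of denying, so a policy spec covering each target type plus the nil-target case would be worth adding. A one-line comment above the condition would record the intent, e.g. `# Deny when the target is missing or no longer readable, so a stale todo cannot expose it.` The `TodoPolicy` class body starts outside the hunk.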