diff options
author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2021-08-03 19:05:59 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2021-08-03 19:05:59 +0000 |
commit | a75a9a2364e2c397ac2c114129516c1cc9b1ecea (patch) | |
tree | 998c34c313877741aa4748cc87891d0aa2bf4bce /app/policies/todo_policy.rb | |
parent | c8edb9de30c95e9e715a1e31e7667f94fb7f3dec (diff) | |
parent | 8c67b4991465e92dcd6752cc42e54a9c5cd9f0f2 (diff) | |
download | gitlab-ce-a75a9a2364e2c397ac2c114129516c1cc9b1ecea.tar.gz |
Merge remote-tracking branch 'dev/14-1-stable' into 14-1-stable
Diffstat (limited to 'app/policies/todo_policy.rb')
-rw-r--r-- | app/policies/todo_policy.rb | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/app/policies/todo_policy.rb b/app/policies/todo_policy.rb index d01a046c343..6237fbc50fa 100644 --- a/app/policies/todo_policy.rb +++ b/app/policies/todo_policy.rb @@ -5,7 +5,10 @@ class TodoPolicy < BasePolicy condition(:own_todo) do @user && @subject.user_id == @user.id end + condition(:can_read_target) do + @user && @subject.target&.readable_by?(@user) + end - rule { own_todo }.enable :read_todo - rule { own_todo }.enable :update_todo + rule { own_todo & can_read_target }.enable :read_todo + rule { own_todo & can_read_target }.enable :update_todo end |