diff options
| author | Lin Jen-Shin <godfat@godfat.org> | 2016-11-08 23:52:17 +0800 |
|---|---|---|
| committer | Lin Jen-Shin <godfat@godfat.org> | 2016-11-08 23:52:17 +0800 |
| commit | 3744d629e894afa3cb54c7edd2b61e0f17deb34f (patch) | |
| tree | 50bcc4cc425b0cdfff9c220418caf2ccf2a59239 /app/policies | |
| parent | d03615736f29cb791db6e98ad658a532d6c8d271 (diff) | |
| parent | 0108387053ac78bb2354511950fb5847a033e5d5 (diff) | |
| download | gitlab-ce-3744d629e894afa3cb54c7edd2b61e0f17deb34f.tar.gz | |
Merge remote-tracking branch 'upstream/master' into pipeline-notifications
* upstream/master: (70 commits)
Fix routing spec for group controller
Add small improvements to constrainers and specs
Faster search
Fix broken commits search
Changed helper method to check for none on params Moved if statements around in view
API: Return 400 when creating a systemhook fails
Update non-exist group spinach test to match routing
Bump omniauth-gitlab to 1.0.2 to fix incompatibility with omniauth-oauth2
Replace trigger with the new ID of the docs project
Refactor method name
17492 Update link color for more accessible contrast
Fixed todos empty state when filtering
Refactor namespace regex
implements reset incoming email token on issues modal and account page, reactivates all tests and writes more tests for it
Use separate email-friendly token for incoming email and let incoming email token be reset
Use the Gitlab Workhorse HTTP header in the admin dashboard
Refactor project routing
Fix 404 when visit /projects page
Rewritten spinach git_blame tests to rspec feature tests
Add tests for project#index routing
...
Diffstat (limited to 'app/policies')
| -rw-r--r-- | app/policies/issuable_policy.rb | 2 | ||||
| -rw-r--r-- | app/policies/issue_policy.rb | 9 |
2 files changed, 3 insertions, 8 deletions
diff --git a/app/policies/issuable_policy.rb b/app/policies/issuable_policy.rb index c253f9a9399..9501e499507 100644 --- a/app/policies/issuable_policy.rb +++ b/app/policies/issuable_policy.rb @@ -4,7 +4,7 @@ class IssuablePolicy < BasePolicy end def rules - if @user && (@subject.author == @user || @subject.assignee == @user) + if @user && @subject.assignee_or_author?(@user) can! :"read_#{action_name}" can! :"update_#{action_name}" end diff --git a/app/policies/issue_policy.rb b/app/policies/issue_policy.rb index bd1811a3c54..52fa33bc4b0 100644 --- a/app/policies/issue_policy.rb +++ b/app/policies/issue_policy.rb @@ -8,9 +8,8 @@ class IssuePolicy < IssuablePolicy if @subject.confidential? && !can_read_confidential? cannot! :read_issue - cannot! :admin_issue cannot! :update_issue - cannot! :read_issue + cannot! :admin_issue end end @@ -18,11 +17,7 @@ class IssuePolicy < IssuablePolicy def can_read_confidential? return false unless @user - return true if @user.admin? - return true if @subject.author == @user - return true if @subject.assignee == @user - return true if @subject.project.team.member?(@user, Gitlab::Access::REPORTER) - false + IssueCollection.new([@subject]).visible_to(@user).any? end end |