diff options
author | Tiago Botelho <tiagonbotelho@hotmail.com> | 2018-12-07 15:48:38 +0000 |
---|---|---|
committer | Tiago Botelho <tiagonbotelho@hotmail.com> | 2018-12-19 10:56:11 +0000 |
commit | 52feca595a3311fc12a6f35191a24ff61c33e440 (patch) | |
tree | 5131015b5e30d3407211fb7431a0ad1ad95b7e48 /app/policies | |
parent | ffef28ccd6d37ade2c3ee3ca46679749f9cf09aa (diff) | |
download | gitlab-ce-52feca595a3311fc12a6f35191a24ff61c33e440.tar.gz |
Adds validation to check if user can read project
An issuable should not be available to a user if the
project is not visible to that specific user
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/issuable_policy.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/policies/issuable_policy.rb b/app/policies/issuable_policy.rb index 6d8b575102e..ecb2797d1d9 100644 --- a/app/policies/issuable_policy.rb +++ b/app/policies/issuable_policy.rb @@ -11,7 +11,7 @@ class IssuablePolicy < BasePolicy @user && @subject.assignee_or_author?(@user) end - rule { assignee_or_author }.policy do + rule { can?(:guest_access) & assignee_or_author }.policy do enable :read_issue enable :update_issue enable :reopen_issue |