diff options
author | Jan Provaznik <jprovaznik@gitlab.com> | 2019-09-17 14:38:09 +0200 |
---|---|---|
committer | Yorick Peterse <yorick@yorickpeterse.com> | 2019-09-30 14:22:04 +0200 |
commit | 2bb752322ed52dffa2741f0c2608e65a447ee1c4 (patch) | |
tree | c4de2c4827d81656b58862a56e1c7d6a9f3fb07c /app/policies | |
parent | 6a49482316c2dfb003c5c8d0646bc80a9ce50df8 (diff) | |
download | gitlab-ce-2bb752322ed52dffa2741f0c2608e65a447ee1c4.tar.gz |
Filter not accessible label events
Label events may use cross-project or cross-group references,
if the projects are not accessible by user, we don't show these
label events.
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/resource_label_event_policy.rb | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/app/policies/resource_label_event_policy.rb b/app/policies/resource_label_event_policy.rb new file mode 100644 index 00000000000..de4748d9890 --- /dev/null +++ b/app/policies/resource_label_event_policy.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +class ResourceLabelEventPolicy < BasePolicy + condition(:can_read_label) { @subject.label_id.nil? || can?(:read_label, @subject.label) } + condition(:can_read_issuable) { can?(:"read_#{@subject.issuable.to_ability_name}", @subject.issuable) } + + rule { can_read_label }.policy do + enable :read_label + end + + rule { can_read_label & can_read_issuable }.policy do + enable :read_resource_label_event + end +end |