Adds validation to check if user can read project

An issuable should not be available to a user if the project is not visible to that specific user
author: Tiago Botelho <tiagonbotelho@hotmail.com> 2018-12-07 15:48:38 +0000
committer: Tiago Botelho <tiagonbotelho@hotmail.com> 2018-12-19 10:56:11 +0000
commit: 52feca595a3311fc12a6f35191a24ff61c33e440 (patch)
tree: 5131015b5e30d3407211fb7431a0ad1ad95b7e48 /app/policies
parent: ffef28ccd6d37ade2c3ee3ca46679749f9cf09aa (diff)
download: gitlab-ce-52feca595a3311fc12a6f35191a24ff61c33e440.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/policies/issuable_policy.rb b/app/policies/issuable_policy.rb
index 6d8b575102e..ecb2797d1d9 100644
--- a/app/policies/issuable_policy.rb
+++ b/app/policies/issuable_policy.rb
@@ -11,7 +11,7 @@ class IssuablePolicy < BasePolicy
     @user && @subject.assignee_or_author?(@user)
   end
 
-  rule { assignee_or_author }.policy do
+  rule { can?(:guest_access) & assignee_or_author }.policy do
     enable :read_issue
     enable :update_issue
     enable :reopen_issue
author	Tiago Botelho <tiagonbotelho@hotmail.com>	2018-12-07 15:48:38 +0000
committer	Tiago Botelho <tiagonbotelho@hotmail.com>	2018-12-19 10:56:11 +0000
commit	52feca595a3311fc12a6f35191a24ff61c33e440 (patch)
tree	5131015b5e30d3407211fb7431a0ad1ad95b7e48 /app/policies
parent	ffef28ccd6d37ade2c3ee3ca46679749f9cf09aa (diff)
download	gitlab-ce-52feca595a3311fc12a6f35191a24ff61c33e440.tar.gz