Dont allow set assignee, milestone or labels if user is guest

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-06-25 16:17:48 +0200
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-06-25 16:17:48 +0200
commit: 0bcfe9a0dcf630b166376bf05de966132d6ee45d (patch)
tree: 276a415b4d3ddfca709af69bb3ff2d031adf453a /app/services/issues
parent: 5ff870a044150bef027b903bd944b8cc0578f798 (diff)
download: gitlab-ce-0bcfe9a0dcf630b166376bf05de966132d6ee45d.tar.gz
2 files changed, 2 insertions, 0 deletions
diff --git a/app/services/issues/create_service.rb b/app/services/issues/create_service.rb
index d5c17906a55..1ea4b72216c 100644
--- a/app/services/issues/create_service.rb
+++ b/app/services/issues/create_service.rb
@@ -1,6 +1,7 @@
 module Issues
   class CreateService < Issues::BaseService
     def execute
+      filter_params
       label_params = params[:label_ids]
       issue = project.issues.new(params.except(:label_ids))
       issue.author = current_user
diff --git a/app/services/issues/update_service.rb b/app/services/issues/update_service.rb
index 6af942a5ca4..3220facaf7c 100644
--- a/app/services/issues/update_service.rb
+++ b/app/services/issues/update_service.rb
@@ -17,6 +17,7 @@ module Issues
       params[:assignee_id]  = "" if params[:assignee_id] == IssuableFinder::NONE
       params[:milestone_id] = "" if params[:milestone_id] == IssuableFinder::NONE
 
+      filter_params
       old_labels = issue.labels.to_a
 
       if params.present? && issue.update_attributes(params.except(:state_event,
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2015-06-25 16:17:48 +0200
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2015-06-25 16:17:48 +0200
commit	0bcfe9a0dcf630b166376bf05de966132d6ee45d (patch)
tree	276a415b4d3ddfca709af69bb3ff2d031adf453a /app/services/issues
parent	5ff870a044150bef027b903bd944b8cc0578f798 (diff)
download	gitlab-ce-0bcfe9a0dcf630b166376bf05de966132d6ee45d.tar.gz