diff options
| author | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2015-04-13 14:10:25 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2015-04-13 14:10:25 +0000 |
| commit | ecb58dacd614de66c00c8df673abb96fafa5d452 (patch) | |
| tree | 9ed48d7b39bdc67b841b58e33d40e3a4231ab207 /app/services/projects | |
| parent | 8cf1a6f0a3b58b299e1c63283400c05209270dc2 (diff) | |
| parent | 16e1076e6f69626e1d8bf53f52dc67baee9fb51e (diff) | |
| download | gitlab-ce-ecb58dacd614de66c00c8df673abb96fafa5d452.tar.gz | |
Merge branch 'reference-access-control' into 'master'
Only allow users to reference groups, projects, issues, MRs, commits they have access to.
Addresses https://dev.gitlab.org/gitlab/gitlabhq/issues/2183.
See merge request !1742
Diffstat (limited to 'app/services/projects')
| -rw-r--r-- | app/services/projects/participants_service.rb | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/app/services/projects/participants_service.rb b/app/services/projects/participants_service.rb index bcbacbff562..ae6260bcdab 100644 --- a/app/services/projects/participants_service.rb +++ b/app/services/projects/participants_service.rb @@ -1,10 +1,5 @@ module Projects class ParticipantsService < BaseService - def initialize(project, user) - @project = project - @user = user - end - def execute(note_type, note_id) participating = if note_type && note_id @@ -12,7 +7,7 @@ module Projects else [] end - project_members = sorted(@project.team.members) + project_members = sorted(project.team.members) participants = all_members + groups + project_members + participating participants.uniq end @@ -20,11 +15,11 @@ module Projects def participants_in(type, id) users = case type when "Issue" - issue = @project.issues.find_by_iid(id) - issue ? issue.participants : [] + issue = project.issues.find_by_iid(id) + issue ? issue.participants(current_user) : [] when "MergeRequest" - merge_request = @project.merge_requests.find_by_iid(id) - merge_request ? merge_request.participants : [] + merge_request = project.merge_requests.find_by_iid(id) + merge_request ? merge_request.participants(current_user) : [] when "Commit" author_ids = Note.for_commit_id(id).pluck(:author_id).uniq User.where(id: author_ids) @@ -41,14 +36,14 @@ module Projects end def groups - @user.authorized_groups.sort_by(&:path).map do |group| + current_user.authorized_groups.sort_by(&:path).map do |group| count = group.users.count { username: group.path, name: "#{group.name} (#{count})" } end end def all_members - count = @project.team.members.flatten.count + count = project.team.members.flatten.count [{ username: "all", name: "All Project and Group Members (#{count})" }] end end |