diff options
author | Sean McGivern <sean@gitlab.com> | 2016-06-27 13:24:08 +0100 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2016-06-30 16:36:10 +0100 |
commit | db0d3fc3e96e5f2b0f642ea3240d5265c3ee659c (patch) | |
tree | 9968e5fca41afd4ceb9857283cf47963d26088a4 /app/services/todo_service.rb | |
parent | 293cf09056250c975c2b221f348b629b6d424b71 (diff) | |
download | gitlab-ce-db0d3fc3e96e5f2b0f642ea3240d5265c3ee659c.tar.gz |
Ensure logged-out users can't see private refs
Diffstat (limited to 'app/services/todo_service.rb')
-rw-r--r-- | app/services/todo_service.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/services/todo_service.rb b/app/services/todo_service.rb index 239bd17a035..6bb0a72d30e 100644 --- a/app/services/todo_service.rb +++ b/app/services/todo_service.rb @@ -237,7 +237,7 @@ class TodoService end def filter_mentioned_users(project, target, author) - mentioned_users = target.mentioned_users + mentioned_users = target.mentioned_users(author) mentioned_users = reject_users_without_access(mentioned_users, project, target) mentioned_users.delete(author) mentioned_users.uniq |