Ensure logged-out users can't see private refs

author: Sean McGivern <sean@gitlab.com> 2016-06-27 13:24:08 +0100
committer: Sean McGivern <sean@gitlab.com> 2016-06-30 16:36:10 +0100
commit: db0d3fc3e96e5f2b0f642ea3240d5265c3ee659c (patch)
tree: 9968e5fca41afd4ceb9857283cf47963d26088a4 /app/services/todo_service.rb
parent: 293cf09056250c975c2b221f348b629b6d424b71 (diff)
download: gitlab-ce-db0d3fc3e96e5f2b0f642ea3240d5265c3ee659c.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/services/todo_service.rb b/app/services/todo_service.rb
index 239bd17a035..6bb0a72d30e 100644
--- a/app/services/todo_service.rb
+++ b/app/services/todo_service.rb
@@ -237,7 +237,7 @@ class TodoService
   end
 
   def filter_mentioned_users(project, target, author)
-    mentioned_users = target.mentioned_users
+    mentioned_users = target.mentioned_users(author)
     mentioned_users = reject_users_without_access(mentioned_users, project, target)
     mentioned_users.delete(author)
     mentioned_users.uniq
author	Sean McGivern <sean@gitlab.com>	2016-06-27 13:24:08 +0100
committer	Sean McGivern <sean@gitlab.com>	2016-06-30 16:36:10 +0100
commit	db0d3fc3e96e5f2b0f642ea3240d5265c3ee659c (patch)
tree	9968e5fca41afd4ceb9857283cf47963d26088a4 /app/services/todo_service.rb
parent	293cf09056250c975c2b221f348b629b6d424b71 (diff)
download	gitlab-ce-db0d3fc3e96e5f2b0f642ea3240d5265c3ee659c.tar.gz