diff options
author | Valery Sizov <valery@gitlab.com> | 2016-10-04 15:52:08 +0300 |
---|---|---|
committer | Valery Sizov <valery@gitlab.com> | 2016-10-11 16:51:26 +0300 |
commit | b4004488f76d7360acd2f38277d617447c76b888 (patch) | |
tree | d52552cccf8b51ba4e099f0afbb05bf94a1a1472 /app/services | |
parent | a3169d522a0db269770141a1b30c3df5acee82f3 (diff) | |
download | gitlab-ce-b4004488f76d7360acd2f38277d617447c76b888.tar.gz |
Make guests unable to view MRsguests_cant_see_mrs
Diffstat (limited to 'app/services')
-rw-r--r-- | app/services/notification_service.rb | 6 | ||||
-rw-r--r-- | app/services/todo_service.rb | 6 |
2 files changed, 7 insertions, 5 deletions
diff --git a/app/services/notification_service.rb b/app/services/notification_service.rb index de8049b8e2e..72712afc07e 100644 --- a/app/services/notification_service.rb +++ b/app/services/notification_service.rb @@ -475,10 +475,12 @@ class NotificationService end def reject_users_without_access(recipients, target) - return recipients unless target.is_a?(Issue) + return recipients unless target.is_a?(Issuable) + + ability = :"read_#{target.to_ability_name}" recipients.select do |user| - user.can?(:read_issue, target) + user.can?(ability, target) end end diff --git a/app/services/todo_service.rb b/app/services/todo_service.rb index 776530ac0a5..f8e6b2ef094 100644 --- a/app/services/todo_service.rb +++ b/app/services/todo_service.rb @@ -273,12 +273,12 @@ class TodoService end def reject_users_without_access(users, project, target) - if target.is_a?(Note) && target.for_issue? + if target.is_a?(Note) && (target.for_issue? || target.for_merge_request?) target = target.noteable end - if target.is_a?(Issue) - select_users(users, :read_issue, target) + if target.is_a?(Issuable) + select_users(users, :"read_#{target.to_ability_name}", target) else select_users(users, :read_project, project) end |