summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorDouwe Maan <douwe@gitlab.com>2016-04-01 08:36:20 +0000
committerDouwe Maan <douwe@gitlab.com>2016-04-01 08:36:20 +0000
commit670f8540fabb37ac83c02738100eea5e69a66369 (patch)
treef7f335067f0b59fc1ccb56ff511339bbcea8e68f /app
parent98df8aab7ee1ba6228965faa3789ba91c9936ed6 (diff)
parent26b281035512758715ed9381b083bf003befbd5e (diff)
downloadgitlab-ce-670f8540fabb37ac83c02738100eea5e69a66369.tar.gz
Merge branch 'fix-mentions-on-confidential-issues-for-non-members' into 'master'
Mentions on confidential issues doesn't create todos for non-members Closes #14569 See merge request !3374
Diffstat (limited to 'app')
-rw-r--r--app/services/todo_service.rb24
1 files changed, 20 insertions, 4 deletions
diff --git a/app/services/todo_service.rb b/app/services/todo_service.rb
index f2662922e90..cfd69064548 100644
--- a/app/services/todo_service.rb
+++ b/app/services/todo_service.rb
@@ -170,14 +170,30 @@ class TodoService
end
def filter_mentioned_users(project, target, author)
- mentioned_users = target.mentioned_users.select do |user|
- user.can?(:read_project, project)
- end
-
+ mentioned_users = target.mentioned_users
+ mentioned_users = reject_users_without_access(mentioned_users, project, target)
mentioned_users.delete(author)
mentioned_users.uniq
end
+ def reject_users_without_access(users, project, target)
+ if target.is_a?(Note) && target.for_issue?
+ target = target.noteable
+ end
+
+ if target.is_a?(Issue)
+ select_users(users, :read_issue, target)
+ else
+ select_users(users, :read_project, project)
+ end
+ end
+
+ def select_users(users, ability, subject)
+ users.select do |user|
+ user.can?(ability.to_sym, subject)
+ end
+ end
+
def pending_todos(user, criteria = {})
valid_keys = [:project_id, :target_id, :target_type, :commit_id]
user.todos.pending.where(criteria.slice(*valid_keys))
View Lorry Controller Status