diff options
author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-05-16 11:30:57 +0000 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-05-16 11:30:57 +0000 |
commit | d0b1993bf813768bab3619d0eb6bead0211d16bf (patch) | |
tree | 7c453a4dd0dc18fe93cf38b2f303dff7c9b2669e /app | |
parent | 390918b06d980123cb0439af30d5b3ea64925c49 (diff) | |
parent | 5210778d6ef61d006a67cec8a785da6c112fc76c (diff) | |
download | gitlab-ce-d0b1993bf813768bab3619d0eb6bead0211d16bf.tar.gz |
Merge branch 'unauthorized-participants' into 'master'
Don't send notifications to mentioned users that don't have access to the project in question.
Fixes internal issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2325.
See merge request !664
Diffstat (limited to 'app')
-rw-r--r-- | app/models/concerns/participable.rb | 20 | ||||
-rw-r--r-- | app/services/notification_service.rb | 23 |
2 files changed, 29 insertions, 14 deletions
diff --git a/app/models/concerns/participable.rb b/app/models/concerns/participable.rb index a4832204f7b..9f667f47e0d 100644 --- a/app/models/concerns/participable.rb +++ b/app/models/concerns/participable.rb @@ -35,8 +35,8 @@ module Participable end end - def participants(current_user = self.author) - self.class.participant_attrs.flat_map do |attr| + def participants(current_user = self.author, project = self.project) + participants = self.class.participant_attrs.flat_map do |attr| meth = method(attr) value = @@ -46,20 +46,28 @@ module Participable meth.call end - participants_for(value, current_user) + participants_for(value, current_user, project) end.compact.uniq + + if project + participants.select! do |user| + user.can?(:read_project, project) + end + end + + participants end private - def participants_for(value, current_user = nil) + def participants_for(value, current_user = nil, project = nil) case value when User [value] when Enumerable, ActiveRecord::Relation - value.flat_map { |v| participants_for(v, current_user) } + value.flat_map { |v| participants_for(v, current_user, project) } when Participable - value.participants(current_user) + value.participants(current_user, project) end end end diff --git a/app/services/notification_service.rb b/app/services/notification_service.rb index 0d7ffbeebd9..312b56eb87b 100644 --- a/app/services/notification_service.rb +++ b/app/services/notification_service.rb @@ -91,10 +91,14 @@ class NotificationService # * project team members with notification level higher then Participating # def merge_mr(merge_request, current_user) - recipients = reject_muted_users([merge_request.author, merge_request.assignee], merge_request.target_project) + recipients = [merge_request.author, merge_request.assignee] + + recipients = add_project_watchers(recipients, merge_request.target_project) + recipients = reject_muted_users(recipients, merge_request.target_project) + recipients = add_subscribed_users(recipients, merge_request) recipients = reject_unsubscribed_users(recipients, merge_request) - recipients = recipients.concat(project_watchers(merge_request.target_project)).uniq + recipients.delete(current_user) recipients.each do |recipient| @@ -137,20 +141,17 @@ class NotificationService recipients = recipients.concat(participants) # Merge project watchers - recipients = recipients.concat(project_watchers(note.project)).compact.uniq + recipients = add_project_watchers(recipients, note.project) # Reject users with Mention notification level, except those mentioned in _this_ note. recipients = reject_mention_users(recipients - note.mentioned_users, note.project) recipients = recipients + note.mentioned_users - # Reject mutes users recipients = reject_muted_users(recipients, note.project) recipients = add_subscribed_users(recipients, note.noteable) - recipients = reject_unsubscribed_users(recipients, note.noteable) - # Reject author recipients.delete(note.author) # build notify method like 'note_commit_email' @@ -287,6 +288,10 @@ class NotificationService users end + def add_project_watchers(recipients, project) + recipients.concat(project_watchers(project)).compact.uniq + end + # Remove users with disabled notifications from array # Also remove duplications and nil recipients def reject_muted_users(users, project = nil) @@ -403,11 +408,13 @@ class NotificationService [target.author, target.assignee] end - recipients = reject_muted_users(recipients, project) + recipients = add_project_watchers(recipients, project) recipients = reject_mention_users(recipients, project) + recipients = reject_muted_users(recipients, project) + recipients = add_subscribed_users(recipients, target) - recipients = recipients.concat(project_watchers(project)).uniq recipients = reject_unsubscribed_users(recipients, target) + recipients end |