Restrict access for confidential issues on milestone view

author: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-03-17 17:59:30 -0300
committer: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-03-17 20:55:59 -0300
commit: 482bfd1a6d454652feb1f64c0c0e1c50ce701986 (patch)
tree: 25cdac5545994663d823244be207e3e232546335 /app
parent: 1029f4101b1de98ec7ffa706530bf405ffa71060 (diff)
download: gitlab-ce-482bfd1a6d454652feb1f64c0c0e1c50ce701986.tar.gz
8 files changed, 26 insertions, 22 deletions
diff --git a/app/helpers/milestones_helper.rb b/app/helpers/milestones_helper.rb
index e8ac8788d9d..92ed0891e92 100644
--- a/app/helpers/milestones_helper.rb
+++ b/app/helpers/milestones_helper.rb
@@ -38,7 +38,7 @@ module MilestonesHelper
   def milestone_progress_bar(milestone)
     options = {
       class: 'progress-bar progress-bar-success',
-      style: "width: #{milestone.percent_complete}%;"
+      style: "width: #{milestone.percent_complete(current_user)}%;"
     }
 
     content_tag :div, class: 'progress' do
diff --git a/app/models/concerns/milestoneish.rb b/app/models/concerns/milestoneish.rb
index d67df7c1d9c..5b8e3f654ea 100644
--- a/app/models/concerns/milestoneish.rb
+++ b/app/models/concerns/milestoneish.rb
@@ -1,18 +1,18 @@
 module Milestoneish
-  def closed_items_count
-    issues.closed.size + merge_requests.closed_and_merged.size
+  def closed_items_count(user = nil)
+    issues_visible_to_user(user).closed.size + merge_requests.closed_and_merged.size
   end
 
-  def total_items_count
-    issues.size + merge_requests.size
+  def total_items_count(user = nil)
+    issues_visible_to_user(user).size + merge_requests.size
   end
 
-  def complete?
-    total_items_count == closed_items_count
+  def complete?(user = nil)
+    total_items_count(user) == closed_items_count(user)
   end
 
-  def percent_complete
-    ((closed_items_count * 100) / total_items_count).abs
+  def percent_complete(user = nil)
+    ((closed_items_count(user) * 100) / total_items_count(user)).abs
   rescue ZeroDivisionError
     0
   end
@@ -22,4 +22,8 @@ module Milestoneish
 
     (due_date - Date.today).to_i
   end
+
+  def issues_visible_to_user(user = nil)
+    issues.visible_to_user(user)
+  end
 end
diff --git a/app/models/milestone.rb b/app/models/milestone.rb
index 374590ba0c5..de7183bf6b4 100644
--- a/app/models/milestone.rb
+++ b/app/models/milestone.rb
@@ -121,8 +121,8 @@ class Milestone < ActiveRecord::Base
     active? && issues.opened.count.zero?
   end
 
-  def is_empty?
-    total_items_count.zero?
+  def is_empty?(user = nil)
+    total_items_count(user).zero?
   end
 
   def author_id
diff --git a/app/views/projects/milestones/show.html.haml b/app/views/projects/milestones/show.html.haml
index b4597043a27..be63875ab34 100644
--- a/app/views/projects/milestones/show.html.haml
+++ b/app/views/projects/milestones/show.html.haml
@@ -42,7 +42,7 @@
           = preserve do
             = markdown @milestone.description
 
-- if @milestone.complete? && @milestone.active?
+- if @milestone.complete?(current_user) && @milestone.active?
   .alert.alert-success.prepend-top-default
     %span All issues for this milestone are closed. You may close milestone now.
 
diff --git a/app/views/shared/milestones/_milestone.html.haml b/app/views/shared/milestones/_milestone.html.haml
index f01138af3f0..6b25745c554 100644
--- a/app/views/shared/milestones/_milestone.html.haml
+++ b/app/views/shared/milestones/_milestone.html.haml
@@ -6,10 +6,10 @@
     .col-sm-6
       %strong= link_to_gfm truncate(milestone.title, length: 100), milestone_path
     .col-sm-6
-      .pull-right.light #{milestone.percent_complete}% complete
+      .pull-right.light #{milestone.percent_complete(current_user)}% complete
   .row
     .col-sm-6
-      = link_to pluralize(milestone.issues.size, 'Issue'), issues_path
+      = link_to pluralize(milestone.issues_visible_to_user(current_user).size, 'Issue'), issues_path
       &middot;
       = link_to pluralize(milestone.merge_requests.size, 'Merge Request'), merge_requests_path
     .col-sm-6= milestone_progress_bar(milestone)
diff --git a/app/views/shared/milestones/_summary.html.haml b/app/views/shared/milestones/_summary.html.haml
index 59d4ae29f79..385c6596606 100644
--- a/app/views/shared/milestones/_summary.html.haml
+++ b/app/views/shared/milestones/_summary.html.haml
@@ -3,15 +3,15 @@
 .context.prepend-top-default
   .milestone-summary
     %h4 Progress
-    %strong= milestone.issues.size
+    %strong= milestone.issues_visible_to_user(current_user).size
     issues:
     %span.milestone-stat
-      %strong= milestone.issues.opened.size
+      %strong= milestone.issues_visible_to_user(current_user).opened.size
       open and
-      %strong= milestone.issues.closed.size
+      %strong= milestone.issues_visible_to_user(current_user).closed.size
       closed
     %span.milestone-stat
-      %strong== #{milestone.percent_complete}%
+      %strong== #{milestone.percent_complete(current_user)}%
       complete
 
     %span.milestone-stat
diff --git a/app/views/shared/milestones/_tabs.html.haml b/app/views/shared/milestones/_tabs.html.haml
index 57d7ee85a3b..2b6ce2d7e7a 100644
--- a/app/views/shared/milestones/_tabs.html.haml
+++ b/app/views/shared/milestones/_tabs.html.haml
@@ -2,7 +2,7 @@
   %li.active
     = link_to '#tab-issues', 'data-toggle' => 'tab', 'data-show' => '.tab-issues-buttons' do
       Issues
-      %span.badge= milestone.issues.size
+      %span.badge= milestone.issues_visible_to_user(current_user).size
   %li
     = link_to '#tab-merge-requests', 'data-toggle' => 'tab', 'data-show' => '.tab-merge-requests-buttons' do
       Merge Requests
@@ -21,7 +21,7 @@
 
 .tab-content.milestone-content
   .tab-pane.active#tab-issues
-    = render 'shared/milestones/issues_tab', issues: milestone.issues, show_project_name: show_project_name, show_full_project_name: show_full_project_name
+    = render 'shared/milestones/issues_tab', issues: milestone.issues_visible_to_user(current_user), show_project_name: show_project_name, show_full_project_name: show_full_project_name
   .tab-pane#tab-merge-requests
     = render 'shared/milestones/merge_requests_tab', merge_requests: milestone.merge_requests, show_project_name: show_project_name, show_full_project_name: show_full_project_name
   .tab-pane#tab-participants
diff --git a/app/views/shared/milestones/_top.html.haml b/app/views/shared/milestones/_top.html.haml
index 4cf1d948b5b..cab8743a077 100644
--- a/app/views/shared/milestones/_top.html.haml
+++ b/app/views/shared/milestones/_top.html.haml
@@ -28,7 +28,7 @@
   %h2.title
     = markdown escape_once(milestone.title), pipeline: :single_line
 
-- if milestone.complete? && milestone.active?
+- if milestone.complete?(current_user) && milestone.active?
   .alert.alert-success.prepend-top-default
     - close_msg = group ? 'You may close the milestone now.' : 'Navigate to the project to close the milestone.'
     %span All issues for this milestone are closed. #{close_msg}
@@ -47,7 +47,7 @@
           - project_name = group ? ms.project.name : ms.project.name_with_namespace
           = link_to project_name, namespace_project_milestone_path(ms.project.namespace, ms.project, ms)
         %td
-          = ms.issues.opened.count
+          = ms.issues_visible_to_user(current_user).opened.count
         %td
           - if ms.closed?
             Closed
author	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-03-17 17:59:30 -0300
committer	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-03-17 20:55:59 -0300
commit	482bfd1a6d454652feb1f64c0c0e1c50ce701986 (patch)
tree	25cdac5545994663d823244be207e3e232546335 /app
parent	1029f4101b1de98ec7ffa706530bf405ffa71060 (diff)
download	gitlab-ce-482bfd1a6d454652feb1f64c0c0e1c50ce701986.tar.gz