diff options
author | Heinrich Lee Yu <hleeyu@gmail.com> | 2018-10-24 17:58:34 +0800 |
---|---|---|
committer | Heinrich Lee Yu <hleeyu@gmail.com> | 2018-10-26 10:27:25 +0800 |
commit | 6dda85927d88461506e7255f5ba49bdeac33699e (patch) | |
tree | a538df159e05d8a12bbbc93eb56a60b9868e22c5 /app | |
parent | 5b27e2dbda5f35a7d2fca0462349ddbad67bd04c (diff) | |
download | gitlab-ce-6dda85927d88461506e7255f5ba49bdeac33699e.tar.gz |
Update boards issue creation authorization
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/concerns/boards_responses.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/app/controllers/concerns/boards_responses.rb b/app/controllers/concerns/boards_responses.rb index b7e4f9b81f1..e6c54e688b6 100644 --- a/app/controllers/concerns/boards_responses.rb +++ b/app/controllers/concerns/boards_responses.rb @@ -50,7 +50,14 @@ module BoardsResponses end def authorize_create_issue - authorize_action_for!(project, :admin_issue) + board = board_parent.boards.find(issue_params[:board_id]) + list = board.lists.find(issue_params[:list_id]) + + if list.backlog? + authorize_action_for!(project, :create_issue) + else + authorize_action_for!(project, :admin_issue) + end end def authorize_admin_list |