diff options
| author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 12:47:40 +0000 |
|---|---|---|
| committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 12:47:43 +0000 |
| commit | 2692cee68bb961019e555168a55f729a7e125095 (patch) | |
| tree | 5d8b5e989bade9ff727c7386b951ba39d9808fff /app | |
| parent | 9128a397824d6e402bc5098fc5427c8280604881 (diff) | |
| download | gitlab-ce-2692cee68bb961019e555168a55f729a7e125095.tar.gz | |
Merge branch 'security-2776-fix-add-reaction-permissions-11-6' into 'security-11-6'
[11.6] Revoke award_emoji permissions for confidential issues
See merge request gitlab/gitlabhq!2850
(cherry picked from commit f645472619fe1e1ec4fdaa02010408d548287efb)
47d86827 Prevent award_emoji to notes not visible to user
Diffstat (limited to 'app')
| -rw-r--r-- | app/policies/note_policy.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/policies/note_policy.rb b/app/policies/note_policy.rb index f22843b6463..8d23e3abed3 100644 --- a/app/policies/note_policy.rb +++ b/app/policies/note_policy.rb @@ -18,6 +18,7 @@ class NotePolicy < BasePolicy prevent :read_note prevent :admin_note prevent :resolve_note + prevent :award_emoji end rule { is_author }.policy do |