diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-29 12:59:36 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-29 12:59:57 +0000 |
commit | 77e5b153659e884a5fa8442d675f2b88e9de2dd2 (patch) | |
tree | 1e0a5bf0dca7160afbd7f8fa578e61cc665b2ad5 /app | |
parent | a3adc9bca8f340d1e88fda2e5c5d24326417acc4 (diff) | |
download | gitlab-ce-77e5b153659e884a5fa8442d675f2b88e9de2dd2.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/assets/javascripts/users_select/index.js | 2 | ||||
-rw-r--r-- | app/controllers/projects/project_members_controller.rb | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/app/assets/javascripts/users_select/index.js b/app/assets/javascripts/users_select/index.js index 69b3c27173f..8ed92e6b948 100644 --- a/app/assets/javascripts/users_select/index.js +++ b/app/assets/javascripts/users_select/index.js @@ -842,7 +842,7 @@ UsersSelect.prototype.renderApprovalRules = function (elsClassName, approvalRule const [rule] = approvalRules; const countText = sprintf(__('(+%{count} rules)'), { count }); const renderApprovalRulesCount = count > 1 ? `<span class="ml-1">${countText}</span>` : ''; - const ruleName = rule.rule_type === 'code_owner' ? __('Code Owner') : rule.name; + const ruleName = rule.rule_type === 'code_owner' ? __('Code Owner') : escape(rule.name); return `<div class="gl-display-flex gl-font-sm"> <span class="gl-text-truncate" title="${ruleName}">${ruleName}</span> diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb index d0987492d2d..b979276437c 100644 --- a/app/controllers/projects/project_members_controller.rb +++ b/app/controllers/projects/project_members_controller.rb @@ -34,13 +34,13 @@ class Projects::ProjectMembersController < Projects::ApplicationController end def import - @projects = current_user.authorized_projects.order_id_desc + @projects = Project.visible_to_user_and_access_level(current_user, Gitlab::Access::MAINTAINER).order_id_desc end def apply_import source_project = Project.find(params[:source_project_id]) - if can?(current_user, :read_project_member, source_project) + if can?(current_user, :admin_project_member, source_project) status = @project.team.import(source_project, current_user) notice = status ? "Successfully imported" : "Import failed" else |