diff options
author | Douwe Maan <douwe@gitlab.com> | 2015-10-21 10:24:06 +0200 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2015-10-21 10:24:06 +0200 |
commit | d37cf6423759e445f0bff5121eb1ed1467ae0fd1 (patch) | |
tree | a82936658ac1058e96d535af7ef17ca0eb5bf790 /lib/gitlab/markdown/redactor_filter.rb | |
parent | d9944fdb59fe286022130f133f316b80dec04ea6 (diff) | |
parent | 35618a3dfffe546744123bcaf560ba9f74c42eef (diff) | |
download | gitlab-ce-d37cf6423759e445f0bff5121eb1ed1467ae0fd1.tar.gz |
Merge branch 'master' into hanloong/gitlab-ce-add-dates-snippets-show
Diffstat (limited to 'lib/gitlab/markdown/redactor_filter.rb')
-rw-r--r-- | lib/gitlab/markdown/redactor_filter.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/lib/gitlab/markdown/redactor_filter.rb b/lib/gitlab/markdown/redactor_filter.rb new file mode 100644 index 00000000000..a1f3a8a8ebf --- /dev/null +++ b/lib/gitlab/markdown/redactor_filter.rb @@ -0,0 +1,40 @@ +require 'gitlab/markdown' +require 'html/pipeline/filter' + +module Gitlab + module Markdown + # HTML filter that removes references to records that the current user does + # not have permission to view. + # + # Expected to be run in its own post-processing pipeline. + # + class RedactorFilter < HTML::Pipeline::Filter + def call + doc.css('a.gfm').each do |node| + unless user_can_reference?(node) + node.replace(node.text) + end + end + + doc + end + + private + + def user_can_reference?(node) + if node.has_attribute?('data-reference-filter') + reference_type = node.attr('data-reference-filter') + reference_filter = reference_type.constantize + + reference_filter.user_can_reference?(current_user, node, context) + else + true + end + end + + def current_user + context[:current_user] + end + end + end +end |