Always allow references to the current project

author: Douwe Maan <douwe@gitlab.com> 2015-10-07 19:19:23 +0200
committer: Douwe Maan <douwe@gitlab.com> 2015-10-07 19:19:23 +0200
commit: 72afcbcd37f35e02544290977c2c91ae37c12c01 (patch)
tree: 71256f67f04a70b5b2fdff6ca99895341d2b9641 /lib/gitlab/markdown
parent: f42cfa9e8757161414f88e50d23b1d618bffad1f (diff)
download: gitlab-ce-72afcbcd37f35e02544290977c2c91ae37c12c01.tar.gz
4 files changed, 8 insertions, 5 deletions
diff --git a/lib/gitlab/markdown/redactor_filter.rb b/lib/gitlab/markdown/redactor_filter.rb
index 07ea6207d22..a1f3a8a8ebf 100644
--- a/lib/gitlab/markdown/redactor_filter.rb
+++ b/lib/gitlab/markdown/redactor_filter.rb
@@ -26,7 +26,7 @@ module Gitlab
           reference_type = node.attr('data-reference-filter')
           reference_filter = reference_type.constantize
 
-          reference_filter.user_can_reference?(current_user, node)
+          reference_filter.user_can_reference?(current_user, node, context)
         else
           true
         end
diff --git a/lib/gitlab/markdown/reference_filter.rb b/lib/gitlab/markdown/reference_filter.rb
index ea6136b3303..8ad52479d3d 100644
--- a/lib/gitlab/markdown/reference_filter.rb
+++ b/lib/gitlab/markdown/reference_filter.rb
@@ -15,9 +15,12 @@ module Gitlab
     # Results:
     #   :references - A Hash of references that were found and replaced.
     class ReferenceFilter < HTML::Pipeline::Filter
-      def self.user_can_reference?(user, node)
+      def self.user_can_reference?(user, node, context)
         if node.has_attribute?('data-project')
-          project = Project.find(node.attr('data-project')) rescue nil
+          project_id = node.attr('data-project').to_i
+          return true if project_id == context[:project].id
+          
+          project = Project.find(project_id) rescue nil
           Ability.abilities.allowed?(user, :read_project, project)
         else
           true
diff --git a/lib/gitlab/markdown/reference_gatherer_filter.rb b/lib/gitlab/markdown/reference_gatherer_filter.rb
index d64671e9550..171ff906da6 100644
--- a/lib/gitlab/markdown/reference_gatherer_filter.rb
+++ b/lib/gitlab/markdown/reference_gatherer_filter.rb
@@ -31,7 +31,7 @@ module Gitlab
         reference_type = node.attr('data-reference-filter')
         reference_filter = reference_type.constantize
 
-        return unless reference_filter.user_can_reference?(current_user, node)
+        return unless reference_filter.user_can_reference?(current_user, node, context)
 
         references = reference_filter.referenced_by(node)
         return unless references
diff --git a/lib/gitlab/markdown/user_reference_filter.rb b/lib/gitlab/markdown/user_reference_filter.rb
index 0d2be7499b7..4567e983692 100644
--- a/lib/gitlab/markdown/user_reference_filter.rb
+++ b/lib/gitlab/markdown/user_reference_filter.rb
@@ -42,7 +42,7 @@ module Gitlab
         end
       end
 
-      def self.user_can_reference?(user, node)
+      def self.user_can_reference?(user, node, context)
         if node.has_attribute?('data-group')
           group = Group.find(node.attr('data-group')) rescue nil
           Ability.abilities.allowed?(user, :read_group, group)
author	Douwe Maan <douwe@gitlab.com>	2015-10-07 19:19:23 +0200
committer	Douwe Maan <douwe@gitlab.com>	2015-10-07 19:19:23 +0200
commit	72afcbcd37f35e02544290977c2c91ae37c12c01 (patch)
tree	71256f67f04a70b5b2fdff6ca99895341d2b9641 /lib/gitlab/markdown
parent	f42cfa9e8757161414f88e50d23b1d618bffad1f (diff)
download	gitlab-ce-72afcbcd37f35e02544290977c2c91ae37c12c01.tar.gz