author | Douwe Maan <douwe@gitlab.com> | 2015-03-27 11:38:22 +0100 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2015-04-02 10:56:04 +0200 |
commit | ca58e369c9f2a72402cfcf4d86d29c115b1b909c (patch) | |
tree | 1168d4560477212520ba9d9d022779665a797722 /lib/gitlab/reference_extractor.rb | |
parent | b1ef1aa59f5ccb78be6d2462b56ed6bafebe65c0 (diff) | |
download | gitlab-ce-ca58e369c9f2a72402cfcf4d86d29c115b1b909c.tar.gz |
Only allow user to reference objects they have access to.
Diffstat (limited to 'lib/gitlab/reference_extractor.rb')
-rw-r--r-- | lib/gitlab/reference_extractor.rb | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/gitlab/reference_extractor.rb b/lib/gitlab/reference_extractor.rb
index 90e04818719..3bf6f14a7bc 100644
--- a/lib/gitlab/reference_extractor.rb
+++ b/lib/gitlab/reference_extractor.rb
@@ -1,16 +1,24 @@
 module Gitlab
 # Extract possible GFM references from an arbitrary String for further processing.
 class ReferenceExtractor
- attr_accessor :project, :references
+ attr_accessor :project, :current_user, :references
 include Markdown
- def initialize(project)
+ def initialize(project, current_user = nil)
 @project = project
+ @current_user = user
 @references = Hash.new { [] }
 end
+ def can?(user, action, subject)
+ # When extracting references, no user means access to everything.
+ return true if user.nil?
+
+ Ability.abilities.allowed?(user, action, subject)
+ end
+
 def analyze(text)
 text = text.dup
@@ -79,7 +87,7 @@ module Gitlab
 private
- def reference_link(type, identifier, project, _)
+ def reference_link(type, identifier, project, user, _)
 references[type] << { project: project, id: identifier }
 end |
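Review bot: In `initialize`, `@current_user = user` reads a name that method does not define; the parameter is `current_user`. Unless a `user` method exists outside this hunk, constructing the extractor raises NameError, so the line should be `@current_user = current_user`. Separately, `can?` fails open: because `current_user` defaults to `nil` and `can?` returns `true` for a nil user, any caller that omits the user skips permission filtering, which works against the commit's stated goal. Consider making unrestricted extraction an explicit choice by the caller, and at minimum extend the comment to `# No user means no permission filtering; callers acting for a visitor must pass that user.` The class body continues outside the hunk.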
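Review bot: `reference_link` now accepts `user`, but the visible body never uses it: `references[type] << { project: project, id: identifier }` records the reference without calling `can?`. If the permission check is meant to happen elsewhere, say so here with a comment such as `# user is unused here; access is checked where the reference is resolved`; otherwise this is where the filter is missing. The arity also grows from four to five parameters, so any caller not updated in the same commit would raise ArgumentError. The callers are outside this diff, so that should be confirmed.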