diff options
author | Douwe Maan <douwe@gitlab.com> | 2018-05-07 19:55:00 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2018-05-07 19:55:00 +0000 |
commit | 94099f2dd6e4b468886e1de787d4888cfc3114f7 (patch) | |
tree | 3ac846c8d21a145223150b4b844fe25b753d9acd /lib | |
parent | 797a080681233e97ccc0c9ba72431e4b450fff7b (diff) | |
parent | 02741ca4c58c625070d06c248125b2f510ac2c0b (diff) | |
download | gitlab-ce-94099f2dd6e4b468886e1de787d4888cfc3114f7.tar.gz |
Merge branch '5480-epic-notifications-ce' into 'master'
Backport 5480-epic-notifications from EE
See merge request gitlab-org/gitlab-ce!18724
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/email/handler/create_note_handler.rb | 3 | ||||
-rw-r--r-- | lib/gitlab/email/handler/reply_processing.rb | 8 |
2 files changed, 8 insertions, 3 deletions
diff --git a/lib/gitlab/email/handler/create_note_handler.rb b/lib/gitlab/email/handler/create_note_handler.rb index 8eea33b9ab5..5791dbd0484 100644 --- a/lib/gitlab/email/handler/create_note_handler.rb +++ b/lib/gitlab/email/handler/create_note_handler.rb @@ -8,6 +8,7 @@ module Gitlab include ReplyProcessing delegate :project, to: :sent_notification, allow_nil: true + delegate :noteable, to: :sent_notification def can_handle? mail_key =~ /\A\w+\z/ @@ -18,7 +19,7 @@ module Gitlab validate_permission!(:create_note) - raise NoteableNotFoundError unless sent_notification.noteable + raise NoteableNotFoundError unless noteable raise EmptyEmailError if message.blank? verify_record!( diff --git a/lib/gitlab/email/handler/reply_processing.rb b/lib/gitlab/email/handler/reply_processing.rb index 32c5caf93e8..da5ff350549 100644 --- a/lib/gitlab/email/handler/reply_processing.rb +++ b/lib/gitlab/email/handler/reply_processing.rb @@ -32,8 +32,12 @@ module Gitlab def validate_permission!(permission) raise UserNotFoundError unless author raise UserBlockedError if author.blocked? - raise ProjectNotFound unless author.can?(:read_project, project) - raise UserNotAuthorizedError unless author.can?(permission, project) + + if project + raise ProjectNotFound unless author.can?(:read_project, project) + end + + raise UserNotAuthorizedError unless author.can?(permission, project || noteable) end def verify_record!(record:, invalid_exception:, record_name:) |