Restrict access to references for confidential issues

author: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-03-17 17:39:50 -0300
committer: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-03-17 20:55:59 -0300
commit: 43d8bdb4f048cbeb5675ed9120cb1aeb415b9586 (patch)
tree: f773a103dd7da08866c813e19567c5055e137e9f /lib
parent: 34ee75379cf8e6459b8926fbf956a8316f87eea7 (diff)
download: gitlab-ce-43d8bdb4f048cbeb5675ed9120cb1aeb415b9586.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/banzai/filter/issue_reference_filter.rb b/lib/banzai/filter/issue_reference_filter.rb
index 9f08aa36e8b..2732e0b5145 100644
--- a/lib/banzai/filter/issue_reference_filter.rb
+++ b/lib/banzai/filter/issue_reference_filter.rb
@@ -9,6 +9,11 @@ module Banzai
         Issue
       end
 
+      def self.user_can_see_reference?(user, node, context)
+        issue = Issue.find(node.attr('data-issue')) rescue nil
+        Ability.abilities.allowed?(user, :read_issue, issue)
+      end
+
       def find_object(project, id)
         project.get_issue(id)
       end
author	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-03-17 17:39:50 -0300
committer	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-03-17 20:55:59 -0300
commit	43d8bdb4f048cbeb5675ed9120cb1aeb415b9586 (patch)
tree	f773a103dd7da08866c813e19567c5055e137e9f /lib
parent	34ee75379cf8e6459b8926fbf956a8316f87eea7 (diff)
download	gitlab-ce-43d8bdb4f048cbeb5675ed9120cb1aeb415b9586.tar.gz