diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 12:48:32 +0000 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 12:48:35 +0000 |
commit | 9816b5cf75ac2b0ff3d35a78aa591b737024db7f (patch) | |
tree | 792a9bdbf8c2a36672f0a37cf90416860352de12 /lib | |
parent | f25ba7820ed2c3f2461c09191369b80d18e9b934 (diff) | |
download | gitlab-ce-9816b5cf75ac2b0ff3d35a78aa591b737024db7f.tar.gz |
Merge branch 'security-2779-fix-email-comment-permissions-check-11-6' into 'security-11-6'
[11.6] Fix discussion replies permissions check
See merge request gitlab/gitlabhq!2825
(cherry picked from commit 367767766d9727101908a1f195120732d72201b1)
313a9f2e Prevent comments by email when issue is locked
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/email/handler/reply_processing.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gitlab/email/handler/reply_processing.rb b/lib/gitlab/email/handler/reply_processing.rb index ff6b2c729b2..4013d2736ce 100644 --- a/lib/gitlab/email/handler/reply_processing.rb +++ b/lib/gitlab/email/handler/reply_processing.rb @@ -43,7 +43,7 @@ module Gitlab raise ProjectNotFound unless author.can?(:read_project, project) end - raise UserNotAuthorizedError unless author.can?(permission, project || noteable) + raise UserNotAuthorizedError unless author.can?(permission, try(:noteable) || project) end def verify_record!(record:, invalid_exception:, record_name:) |