diff options
author | Robert Speicher <robert@gitlab.com> | 2016-08-30 22:32:17 +0000 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2016-08-30 22:32:17 +0000 |
commit | b8d44c4c4d7cb252ee39be9dceb657d3e5522ed1 (patch) | |
tree | 1d252bf2161d36e79723a743199a4ec05f2ac707 /lib | |
parent | 7dd97cff3448b6b5d081829e782823113c2db91f (diff) | |
parent | 5c5d13c42d152ba58818a572a51e796cba4a281d (diff) | |
download | gitlab-ce-b8d44c4c4d7cb252ee39be9dceb657d3e5522ed1.tar.gz |
Merge branch 'prevent_authored_awardable_votes' into 'master'
prevent authored awardable thumbs votes
## What does this MR do?
This MR should prevent users from upvoting or downvoting issues/merge requests/notes authored by them.
## What are the relevant issue numbers?
Closes #20913
See merge request !5841
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/award_emoji.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/api/award_emoji.rb b/lib/api/award_emoji.rb index 2efe7e3adf3..7c22b17e4e5 100644 --- a/lib/api/award_emoji.rb +++ b/lib/api/award_emoji.rb @@ -54,7 +54,7 @@ module API post endpoint do required_attributes! [:name] - not_found!('Award Emoji') unless can_read_awardable? + not_found!('Award Emoji') unless can_read_awardable? && can_award_awardable? award = awardable.create_award_emoji(params[:name], current_user) @@ -92,6 +92,10 @@ module API can?(current_user, ability, awardable) end + def can_award_awardable? + awardable.user_can_award?(current_user, params[:name]) + end + def awardable @awardable ||= begin |