summaryrefslogtreecommitdiff
path: root/app/models/note.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/models/note.rb')
-rw-r--r--app/models/note.rb27
1 files changed, 20 insertions, 7 deletions
diff --git a/app/models/note.rb b/app/models/note.rb
index a143c21c0f9..3f3fa968393 100644
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -27,10 +27,14 @@ class Note < ApplicationRecord
redact_field :note
- TYPES_RESTRICTED_BY_ABILITY = {
+ TYPES_RESTRICTED_BY_PROJECT_ABILITY = {
branch: :download_code
}.freeze
+ TYPES_RESTRICTED_BY_GROUP_ABILITY = {
+ contact: :read_crm_contact
+ }.freeze
+
# Aliases to make application_helper#edited_time_ago_with_tooltip helper work properly with notes.
# See https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/10392/diffs#note_28719102
alias_attribute :last_edited_by, :updated_by
@@ -119,7 +123,7 @@ class Note < ApplicationRecord
scope :inc_author, -> { includes(:author) }
scope :with_api_entity_associations, -> { preload(:note_diff_file, :author) }
scope :inc_relations_for_view, -> do
- includes(:project, { author: :status }, :updated_by, :resolved_by, :award_emoji,
+ includes({ project: :group }, { author: :status }, :updated_by, :resolved_by, :award_emoji,
{ system_note_metadata: :description_version }, :note_diff_file, :diff_note_positions, :suggestions)
end
@@ -565,10 +569,10 @@ class Note < ApplicationRecord
noteable.user_mentions.where(note: self)
end
- def system_note_with_references_visible_for?(user)
+ def system_note_visible_for?(user)
return true unless system?
- (!system_note_with_references? || all_referenced_mentionables_allowed?(user)) && system_note_viewable_by?(user)
+ system_note_viewable_by?(user) && all_referenced_mentionables_allowed?(user)
end
def parent_user
@@ -617,10 +621,17 @@ class Note < ApplicationRecord
def system_note_viewable_by?(user)
return true unless system_note_metadata
- restriction = TYPES_RESTRICTED_BY_ABILITY[system_note_metadata.action.to_sym]
- return Ability.allowed?(user, restriction, project) if restriction
+ system_note_viewable_by_project_ability?(user) && system_note_viewable_by_group_ability?(user)
+ end
- true
+ def system_note_viewable_by_project_ability?(user)
+ project_restriction = TYPES_RESTRICTED_BY_PROJECT_ABILITY[system_note_metadata.action.to_sym]
+ !project_restriction || Ability.allowed?(user, project_restriction, project)
+ end
+
+ def system_note_viewable_by_group_ability?(user)
+ group_restriction = TYPES_RESTRICTED_BY_GROUP_ABILITY[system_note_metadata.action.to_sym]
+ !group_restriction || Ability.allowed?(user, group_restriction, project&.group)
end
def keep_around_commit
@@ -646,6 +657,8 @@ class Note < ApplicationRecord
end
def all_referenced_mentionables_allowed?(user)
+ return true unless system_note_with_references?
+
if user_visible_reference_count.present? && total_reference_count.present?
# if they are not equal, then there are private/confidential references as well
user_visible_reference_count > 0 && user_visible_reference_count == total_reference_count