Diffstat (limited to 'app/services/issuable_base_service.rb')
-rw-r--r--app/services/issuable_base_service.rb5
1 files changed, 4 insertions, 1 deletions
diff --git a/app/services/issuable_base_service.rb b/app/services/issuable_base_service.rb
index 0984238517e..59e521853de 100644
--- a/app/services/issuable_base_service.rb
+++ b/app/services/issuable_base_service.rb
@@ -51,9 +51,12 @@ class IssuableBaseService < ::BaseProjectService
params.delete(:canonical_issue_id)
params.delete(:project)
params.delete(:discussion_locked)
- params.delete(:confidential)
end
+ # confidential attribute is a special type of metadata and needs to be allowed to be set
+ # by non-members on issues in public projects so that security issues can be reported as confidential.
+ params.delete(:confidential) unless can?(current_user, :set_confidentiality, issuable)
+
filter_assignees(issuable)
filter_milestone
filter_labels
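Review bot: The new guard `params.delete(:confidential) unless can?(current_user, :set_confidentiality, issuable)` gates the parameter as a whole, so anyone granted `:set_confidentiality` can clear the flag as well as set it, while the added comment only describes reporting an issue as confidential. The policy behind `:set_confidentiality` is not visible in this hunk, so please confirm, with a spec, how it answers for a non-member who sends `confidential: false` on an existing issue, since that direction would expose a private report. If non-members are meant to be able to set the flag but not clear it, the comment should say so, for example `# Non-members may mark an issue confidential; clearing the flag stays restricted by the :set_confidentiality policy.` The enclosing method and the conditional closed by the `end` above both start outside the hunk, so the surrounding permission check could not be reviewed here.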