diff options
Diffstat (limited to 'app/services/issues/base_service.rb')
-rw-r--r-- | app/services/issues/base_service.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/app/services/issues/base_service.rb b/app/services/issues/base_service.rb index 0ed2b08b7b1..978ea6fe9bc 100644 --- a/app/services/issues/base_service.rb +++ b/app/services/issues/base_service.rb @@ -34,6 +34,18 @@ module Issues private + def filter_params(merge_request) + super + + moved_issue = params.delete(:moved_issue) + + # Setting created_at, updated_at and iid is allowed only for admins and owners or + # when moving an issue as we preserve the original issue attributes except id and iid. + params.delete(:iid) unless current_user.can?(:set_issue_iid, project) + params.delete(:created_at) unless moved_issue || current_user.can?(:set_issue_created_at, project) + params.delete(:updated_at) unless moved_issue || current_user.can?(:set_issue_updated_at, project) + end + def create_assignee_note(issue, old_assignees) SystemNoteService.change_issuable_assignees( issue, issue.project, current_user, old_assignees) |