diff options
Diffstat (limited to 'app/services/issues/build_service.rb')
-rw-r--r-- | app/services/issues/build_service.rb | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/app/services/issues/build_service.rb b/app/services/issues/build_service.rb index 2de6ed9fa1c..3145739fe91 100644 --- a/app/services/issues/build_service.rb +++ b/app/services/issues/build_service.rb @@ -64,20 +64,26 @@ module Issues private - def whitelisted_issue_params - base_params = [:title, :description, :confidential] - admin_params = [:milestone_id, :issue_type] + def allowed_issue_base_params + [:title, :description, :confidential, :issue_type] + end + + def allowed_issue_admin_params + [:milestone_id] + end + def allowed_issue_params if can?(current_user, :admin_issue, project) - params.slice(*(base_params + admin_params)) + params.slice(*(allowed_issue_base_params + allowed_issue_admin_params)) else - params.slice(*base_params) + params.slice(*allowed_issue_base_params) end end def build_issue_params - { author: current_user }.merge(issue_params_with_info_from_discussions) - .merge(whitelisted_issue_params) + { author: current_user } + .merge(issue_params_with_info_from_discussions) + .merge(allowed_issue_params) end end end |