summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDouwe Maan <douwe@gitlab.com>2015-08-20 18:32:32 -0700
committerDouwe Maan <douwe@gitlab.com>2015-08-20 18:32:32 -0700
commit77e508d8fd7a915f5ae221f5e4d6022560398a9e (patch)
tree5f84fab8734834d5600ae3cfde9b3374d9e2cec0
parent2de0935e276e45ac0090d32fd345593c2db92a5b (diff)
downloadgitlab-ce-fix-fork-mr-labels.tar.gz
Fix bug where non-project members of the target project could set labels on new merge requests.fix-fork-mr-labels
-rw-r--r--CHANGELOG1
-rw-r--r--app/views/shared/issuable/_form.html.haml2
2 files changed, 2 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 54f83e5aeac..17b063536df 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -9,6 +9,7 @@ v 8.0.0 (unreleased)
- Allow configuration of import sources for new projects (Artem Sidorenko)
v 7.14.0 (unreleased)
+ - Fix bug where non-project members of the target project could set labels on new merge requests.
- Update default robots.txt rules to disallow crawling of irrelevant pages (Ben Bodenmiller)
- Fix redirection after sign in when using auto_sign_in_with_provider
- Upgrade gitlab_git to 7.2.14 to ignore CRLFs in .gitmodules (Stan Hu)
diff --git a/app/views/shared/issuable/_form.html.haml b/app/views/shared/issuable/_form.html.haml
index 3489bf3f191..f6b09de3839 100644
--- a/app/views/shared/issuable/_form.html.haml
+++ b/app/views/shared/issuable/_form.html.haml
@@ -38,7 +38,7 @@
.clearfix
.error-alert
%hr
-- if can?(current_user, :"admin_#{issuable.to_ability_name}", @project)
+- if can?(current_user, :"admin_#{issuable.to_ability_name}", issuable.project)
.form-group
.issue-assignee
= f.label :assignee_id, class: 'control-label' do