diff options
| author | Robert Speicher <robert@gitlab.com> | 2015-08-21 16:37:09 +0000 |
|---|---|---|
| committer | Robert Speicher <robert@gitlab.com> | 2015-08-21 16:37:09 +0000 |
| commit | 1346756f74e8c15c8e67ec47f3315612b97fb3a1 (patch) | |
| tree | 60348c5f8c9dcb92923bf73634f6282ff1d52f32 | |
| parent | f5b3bf84ad10a03c58c161e84ef919661c84267c (diff) | |
| parent | 77e508d8fd7a915f5ae221f5e4d6022560398a9e (diff) | |
| download | gitlab-ce-1346756f74e8c15c8e67ec47f3315612b97fb3a1.tar.gz | |
Merge branch 'fix-fork-mr-labels' into 'master'
Fix bug where non-project members of the target project could set labels on new merge requests.
Fixes #2292.
See merge request !1180
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | app/views/shared/issuable/_form.html.haml | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index 6cbe51f1fb0..dd5162a53db 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -11,6 +11,7 @@ v 8.0.0 (unreleased) - Search for comments should be case insensetive v 7.14.0 (unreleased) + - Fix bug where non-project members of the target project could set labels on new merge requests. - Update default robots.txt rules to disallow crawling of irrelevant pages (Ben Bodenmiller) - Fix redirection after sign in when using auto_sign_in_with_provider - Upgrade gitlab_git to 7.2.14 to ignore CRLFs in .gitmodules (Stan Hu) diff --git a/app/views/shared/issuable/_form.html.haml b/app/views/shared/issuable/_form.html.haml index 3489bf3f191..f6b09de3839 100644 --- a/app/views/shared/issuable/_form.html.haml +++ b/app/views/shared/issuable/_form.html.haml @@ -38,7 +38,7 @@ .clearfix .error-alert %hr -- if can?(current_user, :"admin_#{issuable.to_ability_name}", @project) +- if can?(current_user, :"admin_#{issuable.to_ability_name}", issuable.project) .form-group .issue-assignee = f.label :assignee_id, class: 'control-label' do |