diff options
| author | Douwe Maan <douwe@gitlab.com> | 2015-03-27 12:19:48 +0100 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2015-04-02 10:57:01 +0200 |
| commit | 65bb0c34066eef77647e1d60e6bac7a12993cd93 (patch) | |
| tree | 7928449705a3d02752c506652eaad7b5e3d5fdfd /app/models | |
| parent | e62b5a2b072eb1bc8587b095e906bd194475eacc (diff) | |
| download | gitlab-ce-65bb0c34066eef77647e1d60e6bac7a12993cd93.tar.gz | |
Only allow users to cross-reference and close issues they have access to.
Diffstat (limited to 'app/models')
| -rw-r--r-- | app/models/commit.rb | 4 | ||||
| -rw-r--r-- | app/models/concerns/mentionable.rb | 6 | ||||
| -rw-r--r-- | app/models/merge_request.rb | 6 |
3 files changed, 8 insertions, 8 deletions
diff --git a/app/models/commit.rb b/app/models/commit.rb index 481300171be..084cf420079 100644 --- a/app/models/commit.rb +++ b/app/models/commit.rb @@ -117,8 +117,8 @@ class Commit # Discover issues should be closed when this commit is pushed to a project's # default branch. - def closes_issues(project) - Gitlab::ClosingIssueExtractor.closed_by_message_in_project(safe_message, project) + def closes_issues(project, current_user = self.committer) + Gitlab::ClosingIssueExtractor.closed_by_message_in_project(safe_message, project, current_user) end # Mentionable override. diff --git a/app/models/concerns/mentionable.rb b/app/models/concerns/mentionable.rb index 41bcfa6be21..bf0465728e7 100644 --- a/app/models/concerns/mentionable.rb +++ b/app/models/concerns/mentionable.rb @@ -51,10 +51,10 @@ module Mentionable end # Extract GFM references to other Mentionables from this Mentionable. Always excludes its #local_reference. - def references(p = project, text = mentionable_text) + def references(p = project, current_user = self.author, text = mentionable_text) return [] if text.blank? - ext = Gitlab::ReferenceExtractor.new(p) + ext = Gitlab::ReferenceExtractor.new(p, current_user) ext.analyze(text) (ext.issues + ext.merge_requests + ext.commits).uniq - [local_reference] @@ -83,7 +83,7 @@ module Mentionable # Only proceed if the saved changes actually include a chance to an attr_mentionable field. return unless mentionable_changed - preexisting = references(p, original) + preexisting = references(p, self.author, original) create_cross_references!(p, a, preexisting) end end diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb index 5634f9a686e..167d7f9c71f 100644 --- a/app/models/merge_request.rb +++ b/app/models/merge_request.rb @@ -257,11 +257,11 @@ class MergeRequest < ActiveRecord::Base end # Return the set of issues that will be closed if this merge request is accepted. - def closes_issues + def closes_issues(current_user = self.author) if target_branch == project.default_branch - issues = commits.flat_map { |c| c.closes_issues(project) } + issues = commits.flat_map { |c| c.closes_issues(project, current_user) } issues.push(*Gitlab::ClosingIssueExtractor. - closed_by_message_in_project(description, project)) + closed_by_message_in_project(description, project, current_user)) issues.uniq.sort_by(&:id) else [] |