diff options
| author | Sean McGivern <sean@gitlab.com> | 2017-07-24 11:35:54 +0100 |
|---|---|---|
| committer | Sean McGivern <sean@gitlab.com> | 2017-07-24 16:58:04 +0100 |
| commit | ccac2abeba419f16029c40f29063f1812c9e159c (patch) | |
| tree | 975ca2e9f3fc91fae1ce0c775c8c267256fa7480 /app/policies/project_policy.rb | |
| parent | f81ed493e1f02e5a197df3e2df9c5e42cb09e7ff (diff) | |
| download | gitlab-ce-ccac2abeba419f16029c40f29063f1812c9e159c.tar.gz | |
Don't treat anonymous users as owners when group has pending invites
The `members` table can have entries where `user_id: nil`, because people can
invite group members by email. We never want to include those as members,
because it might cause confusion with the anonymous (logged out) user.
Diffstat (limited to 'app/policies/project_policy.rb')
| -rw-r--r-- | app/policies/project_policy.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index d27bbf2948c..0133091db57 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -10,7 +10,8 @@ class ProjectPolicy < BasePolicy desc "User is a project owner" condition :owner do - @user && project.owner == @user || (project.group && project.group.has_owner?(@user)) + (project.owner.present? && project.owner == @user) || + project.group&.has_owner?(@user) end desc "Project has public builds enabled" |