Dont allow set assignee, milestone or labels if user is guest

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-06-25 16:17:48 +0200
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-06-25 16:17:48 +0200
commit: 0bcfe9a0dcf630b166376bf05de966132d6ee45d (patch)
tree: 276a415b4d3ddfca709af69bb3ff2d031adf453a /app/services/issuable_base_service.rb
parent: 5ff870a044150bef027b903bd944b8cc0578f798 (diff)
download: gitlab-ce-0bcfe9a0dcf630b166376bf05de966132d6ee45d.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/app/services/issuable_base_service.rb b/app/services/issuable_base_service.rb
index 1d99223cfe6..cb544eaf89b 100644
--- a/app/services/issuable_base_service.rb
+++ b/app/services/issuable_base_service.rb
@@ -26,4 +26,18 @@ class IssuableBaseService < BaseService
       issuable, issuable.project, current_user, branch_type,
       old_branch, new_branch)
   end
+
+  def filter_params
+    unless can?(current_user, :set_milestone, project)
+      params.delete(:milestone_id)
+    end
+
+    unless can?(current_user, :set_label, project)
+      params.delete(:label_ids)
+    end
+
+    unless can?(current_user, :set_assignee, project)
+      params.delete(:assignee_id)
+    end
+  end
 end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2015-06-25 16:17:48 +0200
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2015-06-25 16:17:48 +0200
commit	0bcfe9a0dcf630b166376bf05de966132d6ee45d (patch)
tree	276a415b4d3ddfca709af69bb3ff2d031adf453a /app/services/issuable_base_service.rb
parent	5ff870a044150bef027b903bd944b8cc0578f798 (diff)
download	gitlab-ce-0bcfe9a0dcf630b166376bf05de966132d6ee45d.tar.gz