Stop unauthorized users dragging on milestone page

author: blackst0ne <blackst0ne.ru@gmail.com> 2016-10-28 20:30:58 +1100
committer: blackst0ne <blackst0ne.ru@gmail.com> 2016-10-28 21:43:43 +1100
commit: 0162c132f4230c61c8d36e4f867d63096c258a6c (patch)
tree: ab5bebac4ffbaeb95eadc342d5aa33b2ff392d62 /app/views
parent: 66870960af8d8a4cafec4abc529bd073d23fd1e4 (diff)
download: gitlab-ce-0162c132f4230c61c8d36e4f867d63096c258a6c.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/app/views/shared/milestones/_issuable.html.haml b/app/views/shared/milestones/_issuable.html.haml
index 3c03c220ddd..9e1b0379428 100644
--- a/app/views/shared/milestones/_issuable.html.haml
+++ b/app/views/shared/milestones/_issuable.html.haml
@@ -3,8 +3,9 @@
 - assignee = issuable.assignee
 - issuable_type = issuable.class.table_name
 - base_url_args = [project.namespace.becomes(Namespace), project, issuable_type]
+- can_update = can?(current_user, :"update_#{issuable.to_ability_name}", issuable)
 
-%li{ id: dom_id(issuable, 'sortable'),  class: "issuable-row", 'data-iid' => issuable.iid, 'data-url' => polymorphic_path(issuable) }
+%li{ id: dom_id(issuable, 'sortable'),  class: "issuable-row #{'ui-sort-disabled' unless can_update}", 'data-iid' => issuable.iid, 'data-url' => polymorphic_path(issuable) }
   %span
     - if show_project_name
       %strong #{project.name} &middot;
author	blackst0ne <blackst0ne.ru@gmail.com>	2016-10-28 20:30:58 +1100
committer	blackst0ne <blackst0ne.ru@gmail.com>	2016-10-28 21:43:43 +1100
commit	0162c132f4230c61c8d36e4f867d63096c258a6c (patch)
tree	ab5bebac4ffbaeb95eadc342d5aa33b2ff392d62 /app/views
parent	66870960af8d8a4cafec4abc529bd073d23fd1e4 (diff)
download	gitlab-ce-0162c132f4230c61c8d36e4f867d63096c258a6c.tar.gz