Merge branch 'master' into issue_12658

author: Douwe Maan <douwe@selenight.nl> 2016-03-20 14:57:25 +0100
committer: Douwe Maan <douwe@selenight.nl> 2016-03-20 14:57:25 +0100
commit: 2eb19ea3ea36916bbea72a8ccab3e6d15f602ac9 (patch)
tree: 55c08bbb50e92ce76028f68a5267401a76bc4b02 /lib/api
parent: 8b830b8c3b32774e8ccf562b8bc9dbce3ecf3073 (diff)
parent: 01fe50a72513a88f2168c8c0a649661b1382a42b (diff)
download: gitlab-ce-2eb19ea3ea36916bbea72a8ccab3e6d15f602ac9.tar.gz
2 files changed, 5 insertions, 3 deletions
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index 252744515da..fda6f841438 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -82,7 +82,7 @@ module API
       #   GET /projects/:id/issues?milestone=1.0.0&state=closed
       #   GET /issues?iid=42
       get ":id/issues" do
-        issues = user_project.issues
+        issues = user_project.issues.visible_to_user(current_user)
         issues = filter_issues_state(issues, params[:state]) unless params[:state].nil?
         issues = filter_issues_labels(issues, params[:labels]) unless params[:labels].nil?
         issues = filter_by_iid(issues, params[:iid]) unless params[:iid].nil?
@@ -104,6 +104,7 @@ module API
       #   GET /projects/:id/issues/:issue_id
       get ":id/issues/:issue_id" do
         @issue = user_project.issues.find(params[:issue_id])
+        not_found! unless can?(current_user, :read_issue, @issue)
         present @issue, with: Entities::Issue
       end
 
diff --git a/lib/api/users.rb b/lib/api/users.rb
index c574f042a66..13ab17c6904 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -61,7 +61,7 @@ module API
       #   admin                             - User is admin - true or false (default)
       #   can_create_group                  - User can create groups - true or false
       #   confirm                           - Require user confirmation - true (default) or false
-      #   external                          - Is user an external user - true or false(default)
+      #   external                          - Flags the user as external - true or false(default)
       # Example Request:
       #   POST /users
       post do
@@ -108,12 +108,13 @@ module API
       #   bio                               - Bio
       #   admin                             - User is admin - true or false (default)
       #   can_create_group                  - User can create groups - true or false
+      #   external                          - Flags the user as external - true or false(default)
       # Example Request:
       #   PUT /users/:id
       put ":id" do
         authenticated_as_admin!
 
-        attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :website_url, :projects_limit, :username, :bio, :can_create_group, :admin]
+        attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :website_url, :projects_limit, :username, :bio, :can_create_group, :admin, :external]
         user = User.find(params[:id])
         not_found!('User') unless user
author	Douwe Maan <douwe@selenight.nl>	2016-03-20 14:57:25 +0100
committer	Douwe Maan <douwe@selenight.nl>	2016-03-20 14:57:25 +0100
commit	2eb19ea3ea36916bbea72a8ccab3e6d15f602ac9 (patch)
tree	55c08bbb50e92ce76028f68a5267401a76bc4b02 /lib/api
parent	8b830b8c3b32774e8ccf562b8bc9dbce3ecf3073 (diff)
parent	01fe50a72513a88f2168c8c0a649661b1382a42b (diff)
download	gitlab-ce-2eb19ea3ea36916bbea72a8ccab3e6d15f602ac9.tar.gz