| author | Douwe Maan <douwe@gitlab.com> | 2016-03-18 12:04:56 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2016-03-18 12:04:56 +0000 |
| commit | 9813eac56ba6120ef046b5dddba6fd72ce1933a6 (patch) | |
| tree | aa1b50b0d80253dfca7746312db0ed46e593448a /lib | |
| parent | 726f1efdb767407acf461a6811b396bfa5f0df35 (diff) | |
| parent | 5ed7e2cfd5de7c1db0374594428895e84e98321e (diff) | |
| download | gitlab-ce-9813eac56ba6120ef046b5dddba6fd72ce1933a6.tar.gz | |
Merge branch 'confidential-issues' into 'master'
Add confidential issues
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/3678
More information: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/227
See merge request !3282
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/issues.rb | 3 | ||||
| -rw-r--r-- | lib/banzai/filter/issue_reference_filter.rb | 5 | ||||
| -rw-r--r-- | lib/gitlab/project_search_results.rb | 3 | ||||
| -rw-r--r-- | lib/gitlab/search_results.rb | 7 |
4 files changed, 13 insertions, 5 deletions
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index 252744515da..fda6f841438 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -82,7 +82,7 @@ module API
 # GET /projects/:id/issues?milestone=1.0.0&state=closed
 # GET /issues?iid=42
 get ":id/issues" do
- issues = user_project.issues
+ issues = user_project.issues.visible_to_user(current_user)
 issues = filter_issues_state(issues, params[:state]) unless params[:state].nil?
 issues = filter_issues_labels(issues, params[:labels]) unless params[:labels].nil?
 issues = filter_by_iid(issues, params[:iid]) unless params[:iid].nil?
@@ -104,6 +104,7 @@ module API
 # GET /projects/:id/issues/:issue_id
 get ":id/issues/:issue_id" do
 @issue = user_project.issues.find(params[:issue_id])
+ not_found! unless can?(current_user, :read_issue, @issue)
 present @issue, with: Entities::Issue
 end
diff --git a/lib/banzai/filter/issue_reference_filter.rb b/lib/banzai/filter/issue_reference_filter.rb
index 9f08aa36e8b..2732e0b5145 100644
--- a/lib/banzai/filter/issue_reference_filter.rb
+++ b/lib/banzai/filter/issue_reference_filter.rb
@@ -9,6 +9,11 @@ module Banzai
 Issue
 end
+ def self.user_can_see_reference?(user, node, context)
+ issue = Issue.find(node.attr('data-issue')) rescue nil
+ Ability.abilities.allowed?(user, :read_issue, issue)
+ end
+
 def find_object(project, id)
 project.get_issue(id)
 end
diff --git a/lib/gitlab/project_search_results.rb b/lib/gitlab/project_search_results.rb
index 0607a8b9592..71c5b6801fb 100644
--- a/lib/gitlab/project_search_results.rb
+++ b/lib/gitlab/project_search_results.rb
@@ -2,7 +2,8 @@ module Gitlab
 class ProjectSearchResults < SearchResults
 attr_reader :project, :repository_ref
- def initialize(project, query, repository_ref = nil)
+ def initialize(current_user, project, query, repository_ref = nil)
+ @current_user = current_user
 @project = project
 @repository_ref = if repository_ref.present?
 repository_ref
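Review bot: In lib/api/issues.rb, the added `not_found! unless can?(current_user, :read_issue, @issue)` in `get ":id/issues/:issue_id"` has no comment saying why it answers 404 rather than 403, and that choice is what keeps a confidential issue's existence from being disclosed to a caller who guesses its id. I would add `# 404, not 403: do not reveal that a confidential issue exists` above the check so a later cleanup does not swap it for a forbidden response. The other handlers in this file that load an issue by id are outside the hunks shown here; any of them that returns issue data needs the same check.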
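Review bot: In lib/banzai/filter/issue_reference_filter.rb, `Issue.find(node.attr('data-issue')) rescue nil` in `user_can_see_reference?` swallows every StandardError, so a database or type error is treated the same as a missing issue, and the method then asks `Ability.abilities.allowed?` about a nil subject. Whether that call returns false for nil depends on Ability, which is not shown; an access check should fail closed explicitly. I would write `issue = Issue.find_by(id: node.attr('data-issue'))` followed by `return false unless issue`. The method also issues one query per reference node, which may matter on documents with many references.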
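Review bot: In lib/gitlab/project_search_results.rb, `initialize(current_user, project, query, repository_ref = nil)` puts the new argument first in a positional list, so a caller still using the old three-argument form `new(project, query, ref)` satisfies the arity and silently binds the project as `current_user`. That value now decides which confidential issues are returned, so a mis-bound call should fail loudly; callers outside lib/ are not in this diffstat and each needs checking. A required keyword, `def initialize(project, query, repository_ref = nil, current_user:)`, would make a stale call raise ArgumentError, if the Ruby version in use supports it. `SearchResults#initialize` in lib/gitlab/search_results.rb gets the same prepended argument, although there an old two-argument call already raises. The body of `initialize` continues past the end of this hunk.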
diff --git a/lib/gitlab/search_results.rb b/lib/gitlab/search_results.rb
index f13528a2eea..f8ab2b1f09e 100644
--- a/lib/gitlab/search_results.rb
+++ b/lib/gitlab/search_results.rb
@@ -1,12 +1,13 @@
 module Gitlab
 class SearchResults
- attr_reader :query
+ attr_reader :current_user, :query
 # Limit search results by passed projects
 # It allows us to search only for projects user has access to
 attr_reader :limit_projects
- def initialize(limit_projects, query)
+ def initialize(current_user, limit_projects, query)
+ @current_user = current_user
 @limit_projects = limit_projects || Project.all
 @query = Shellwords.shellescape(query) if query.present?
 end
@@ -58,7 +59,7 @@ module Gitlab
 end
 def issues
- issues = Issue.where(project_id: project_ids_relation)
+ issues = Issue.visible_to_user(current_user).where(project_id: project_ids_relation)
 if query =~ /#(\d+)\z/
 issues = issues.where(iid: $1) |
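Review bot: In lib/gitlab/search_results.rb, only the `issues` method gains `Issue.visible_to_user(current_user)`; any other query in SearchResults or ProjectSearchResults that returns data attached to issues (comments, for example) is outside these hunks and would still expose confidential content if it is not scoped the same way. `current_user` can presumably be nil for an anonymous search, and how the scope treats nil is not visible here, so I would document it on the reader: `# current_user may be nil (anonymous); visible_to_user must then return only non-confidential issues`. The `issues` method continues past the end of the hunk.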
