From 7934b91311a70d994c6700201979c6673160fd01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jarka=20Kadlecov=C3=A1?= Date: Thu, 26 Jul 2018 16:53:50 +0200 Subject: Fix removing todos for confidential issues - dont remove todos for authos & assignees - remove todos for project guests --- app/services/todos/destroy/confidential_issue_service.rb | 9 +++++++++ app/services/todos/destroy/entity_leave_service.rb | 4 ++++ 2 files changed, 13 insertions(+) (limited to 'app') diff --git a/app/services/todos/destroy/confidential_issue_service.rb b/app/services/todos/destroy/confidential_issue_service.rb index 06cf308a3cd..c5b66df057a 100644 --- a/app/services/todos/destroy/confidential_issue_service.rb +++ b/app/services/todos/destroy/confidential_issue_service.rb @@ -14,6 +14,8 @@ module Todos override :todos def todos Todo.where(target: issue) + .where('user_id != ?', issue.author_id) + .where('user_id NOT IN (?)', issue.assignees.select(:id)) end override :todos_to_remove? @@ -25,6 +27,13 @@ module Todos def project_ids issue.project_id end + + override :authorized_users + def authorized_users + ProjectAuthorization.select(:user_id) + .where(project_id: project_ids) + .where('access_level >= ?', Gitlab::Access::REPORTER) + end end end end diff --git a/app/services/todos/destroy/entity_leave_service.rb b/app/services/todos/destroy/entity_leave_service.rb index 328a8b39e7b..129e5505a21 100644 --- a/app/services/todos/destroy/entity_leave_service.rb +++ b/app/services/todos/destroy/entity_leave_service.rb @@ -42,7 +42,11 @@ module Todos end def confidential_issues + assigned_ids = IssueAssignee.select(:issue_id).where(user_id: user_id) + Issue.where(project_id: project_ids, confidential: true) + .where('author_id != ?', user_id) + .where('id NOT IN (?)', assigned_ids) end end end -- cgit v1.2.1