From ac3de494bde32e4ce13bd665d1de3132b84c002d Mon Sep 17 00:00:00 2001
From: Patrick Bajao <ebajao@gitlab.com>
Date: Wed, 19 Jun 2019 16:56:17 +0800
Subject: Support branch creation from confidential issue

Accept a `confidential_issue_project_id` param which will
be used for the system note target.

This also includes some refactoring on the spec to use
shared examples.
---
 app/controllers/projects/branches_controller.rb | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index fc708400657..df4002d075b 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -64,7 +64,7 @@ class Projects::BranchesController < Projects::ApplicationController
     success = (result[:status] == :success)
 
     if params[:issue_iid] && success
-      issue = IssuesFinder.new(current_user, project_id: @project.id).find_by(iid: params[:issue_iid])
+      issue = IssuesFinder.new(current_user, project_id: (confidential_issue_project || @project).id).find_by(iid: params[:issue_iid])
       SystemNoteService.new_issue_branch(issue, @project, current_user, branch_name) if issue
     end
 
@@ -162,4 +162,15 @@ class Projects::BranchesController < Projects::ApplicationController
       @branches = Kaminari.paginate_array(@branches).page(params[:page])
     end
   end
+
+  def confidential_issue_project
+    return unless Feature.enabled?(:create_confidential_merge_request, @project)
+    return if params[:confidential_issue_project_id].blank?
+
+    confidential_issue_project = Project.find(params[:confidential_issue_project_id])
+
+    return unless can?(current_user, :push_code, confidential_issue_project)
+
+    confidential_issue_project
+  end
 end
-- 
cgit v1.2.1