Commit 61027f40 authored by Douwe Maan's avatar Douwe Maan Committed by Rémy Coutable

Merge branch 'fix-mentions-on-confidential-issues-for-non-members' into 'master'

Mentions on confidential issues doesn't create todos for non-members

Closes #14569

See merge request !3374
Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent 36c8506b
...@@ -7,6 +7,7 @@ v 8.6.3 (unreleased) ...@@ -7,6 +7,7 @@ v 8.6.3 (unreleased)
- Fix raw/rendered diff producing different results on merge requests. !3450 - Fix raw/rendered diff producing different results on merge requests. !3450
- Fix commit comment alignment (Stan Hu). !3466 - Fix commit comment alignment (Stan Hu). !3466
- Update gitlab-shell version and doc to 2.6.12. gitlab-org/gitlab-ee!280 - Update gitlab-shell version and doc to 2.6.12. gitlab-org/gitlab-ee!280
- Mentions on confidential issues doesn't create todos for non-members. !3374
v 8.6.2 v 8.6.2
- Fix dropdown alignment. !3298 - Fix dropdown alignment. !3298
......
...@@ -170,14 +170,30 @@ class TodoService ...@@ -170,14 +170,30 @@ class TodoService
end end
def filter_mentioned_users(project, target, author) def filter_mentioned_users(project, target, author)
mentioned_users = target.mentioned_users.select do |user| mentioned_users = target.mentioned_users
user.can?(:read_project, project) mentioned_users = reject_users_without_access(mentioned_users, project, target)
end
mentioned_users.delete(author) mentioned_users.delete(author)
mentioned_users.uniq mentioned_users.uniq
end end
def reject_users_without_access(users, project, target)
if target.is_a?(Note) && target.for_issue?
target = target.noteable
end
if target.is_a?(Issue)
select_users(users, :read_issue, target)
else
select_users(users, :read_project, project)
end
end
def select_users(users, ability, subject)
users.select do |user|
user.can?(ability.to_sym, subject)
end
end
def pending_todos(user, criteria = {}) def pending_todos(user, criteria = {})
valid_keys = [:project_id, :target_id, :target_type, :commit_id] valid_keys = [:project_id, :target_id, :target_type, :commit_id]
user.todos.pending.where(criteria.slice(*valid_keys)) user.todos.pending.where(criteria.slice(*valid_keys))
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment