Commit 561f4402 authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Fix permission check for confidential quick action

Checks `set_confidentiality` instead of `admin_issue` so that
non-members can use the confidential quick action on issue creation.

Changelog: fixed
parent a9bae7b7
...@@ -172,7 +172,7 @@ module Gitlab ...@@ -172,7 +172,7 @@ module Gitlab
condition do condition do
quick_action_target.issue_type_supports?(:confidentiality) && quick_action_target.issue_type_supports?(:confidentiality) &&
!quick_action_target.confidential? && !quick_action_target.confidential? &&
current_user.can?(:"admin_#{quick_action_target.to_ability_name}", quick_action_target) current_user.can?(:set_confidentiality, quick_action_target)
end end
command :confidential do command :confidential do
@updates[:confidential] = true @updates[:confidential] = true
......
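Review bot: The new `current_user.can?(:set_confidentiality, quick_action_target)` check in the `condition` block has no comment saying why it replaces the previous `admin_*` ability, and nothing in this hunk shows who the `set_confidentiality` policy grants it to. This line is now the only authorization gate for `/confidential`, so I would add a comment above the `condition`, e.g. `# :set_confidentiality, not :admin_issue, so a non-member can mark an issue confidential while creating it`. It is also worth confirming in the policy, which is not part of this diff, that the ability stays denied to non-members on persisted issues they did not create. The enclosing command definition starts and ends outside the hunk.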
...@@ -1326,6 +1326,7 @@ RSpec.describe QuickActions::InterpretService do ...@@ -1326,6 +1326,7 @@ RSpec.describe QuickActions::InterpretService do
let(:issuable) { issue } let(:issuable) { issue }
end end
context '/confidential' do
it_behaves_like 'confidential command' do it_behaves_like 'confidential command' do
let(:content) { '/confidential' } let(:content) { '/confidential' }
let(:issuable) { issue } let(:issuable) { issue }
...@@ -1336,6 +1337,16 @@ RSpec.describe QuickActions::InterpretService do ...@@ -1336,6 +1337,16 @@ RSpec.describe QuickActions::InterpretService do
let(:issuable) { create(:incident, project: project) } let(:issuable) { create(:incident, project: project) }
end end
context 'when non-member is creating a new issue' do
let(:service) { described_class.new(project, create(:user)) }
it_behaves_like 'confidential command' do
let(:content) { '/confidential' }
let(:issuable) { build(:issue, project: project) }
end
end
end
it_behaves_like 'lock command' do it_behaves_like 'lock command' do
let(:content) { '/lock' } let(:content) { '/lock' }
let(:issuable) { issue } let(:issuable) { issue }
......
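Review bot: The added context `'when non-member is creating a new issue'` tests only the allow path, so the spec does not pin where the loosened permission stops. I would add a sibling context that keeps `let(:service) { described_class.new(project, create(:user)) }` but uses the persisted `let(:issuable) { issue }`, and asserts that `:confidential` is absent from the returned updates. That assumes the policy is meant to deny this case, which the diff does not show. Without a denial test, a later widening of `set_confidentiality` that lets any non-member change confidentiality on existing issues would pass this suite unnoticed.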