Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
c400030d
Commit
c400030d
authored
Jun 23, 2017
by
Sean McGivern
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Don't count any confidential issues for non-project-members
parent
20bb678d
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
9 additions
and
6 deletions
+9
-6
app/finders/issuable_finder.rb
app/finders/issuable_finder.rb
+1
-1
app/finders/issues_finder.rb
app/finders/issues_finder.rb
+8
-5
No files found.
app/finders/issuable_finder.rb
View file @
c400030d
...
...
@@ -62,7 +62,7 @@ class IssuableFinder
# grouping and counting within that query.
#
def
count_by_state
count_params
=
params
.
merge
(
state:
nil
,
sort:
nil
)
count_params
=
params
.
merge
(
state:
nil
,
sort:
nil
,
for_counting:
true
)
labels_count
=
label_names
.
any?
?
label_names
.
count
:
1
finder
=
self
.
class
.
new
(
current_user
,
count_params
)
counts
=
Hash
.
new
(
0
)
...
...
app/finders/issues_finder.rb
View file @
c400030d
...
...
@@ -23,8 +23,8 @@ class IssuesFinder < IssuableFinder
end
def
not_restricted_by_confidentiality
return
Issue
.
where
(
'issues.confidential IS NOT TRUE'
)
if
user_cannot_see_confidential_issues?
return
Issue
.
all
if
user_can_see_all_confidential_issues?
return
Issue
.
where
(
'issues.confidential IS NOT TRUE'
)
if
user_cannot_see_confidential_issues?
Issue
.
where
(
'
issues.confidential IS NOT TRUE
...
...
@@ -37,16 +37,19 @@ class IssuesFinder < IssuableFinder
end
def
user_can_see_all_confidential_issues?
return
false
unless
current_user
return
true
if
current_user
.
full_private_access?
return
@user_can_see_all_confidential_issues
=
false
if
current_user
.
blank?
return
@user_can_see_all_confidential_issues
=
true
if
current_user
.
full_private_access?
project?
&&
@user_can_see_all_confidential_issues
=
project?
&&
project
&&
project
.
team
.
max_member_access
(
current_user
.
id
)
>=
CONFIDENTIAL_ACCESS_LEVEL
end
def
user_cannot_see_confidential_issues?
current_user
.
blank?
return
false
if
user_can_see_all_confidential_issues?
current_user
.
blank?
||
params
[
:for_counting
]
end
private
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
