Remove the `admin_issue` role when user can't access confidential issue

fc474258 · Douglas Barbosa Alexandre · 43c76d4a · fc474258
Commit fc474258 authored Mar 14, 2016 by Douglas Barbosa Alexandre
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

app/models/ability.rb app/models/ability.rb +1 -0

No files found.
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -469,6 +469,7 @@ class Ability
      return rules if user.admin? || !issue.confidential?

      unless issue.author == user || issue.assignee == user || issue.project.team.member?(user.id)
+        rules.delete(:admin_issue)
        rules.delete(:read_issue)
        rules.delete(:update_issue)
      end