Skip to content
Snippets Groups Projects
Commit 72afcbcd authored by Douwe Maan's avatar Douwe Maan
Browse files

Always allow references to the current project

parent f42cfa9e
Branches
Tags
1 merge request!1090Separate rendering of Markdown reference links from redacting those the user doesn't have access to and extracting referenced objects
Pipeline #
Show whitespace changes
Inline Side-by-side
Showing
with 12 additions and 8 deletions
app/models/concerns/mentionable.rb
+ 0
1
View file @ 72afcbcd
@@ -61,7 +61,6 @@ module Mentionable
 
ext = Gitlab::ReferenceExtractor.new(p, current_user)
ext.analyze(text)
(ext.issues + ext.merge_requests + ext.commits).uniq - [local_reference]
end
 
lib/gitlab/markdown/redactor_filter.rb
+ 1
1
View file @ 72afcbcd
@@ -26,7 +26,7 @@ module Gitlab
reference_type = node.attr('data-reference-filter')
reference_filter = reference_type.constantize
 
reference_filter.user_can_reference?(current_user, node)
reference_filter.user_can_reference?(current_user, node, context)
else
true
end
lib/gitlab/markdown/reference_filter.rb
+ 5
2
View file @ 72afcbcd
@@ -15,9 +15,12 @@ module Gitlab
# Results:
# :references - A Hash of references that were found and replaced.
class ReferenceFilter < HTML::Pipeline::Filter
def self.user_can_reference?(user, node)
def self.user_can_reference?(user, node, context)
if node.has_attribute?('data-project')
project = Project.find(node.attr('data-project')) rescue nil
project_id = node.attr('data-project').to_i
return true if project_id == context[:project].id
project = Project.find(project_id) rescue nil
Ability.abilities.allowed?(user, :read_project, project)
else
true
lib/gitlab/markdown/reference_gatherer_filter.rb
+ 1
1
View file @ 72afcbcd
@@ -31,7 +31,7 @@ module Gitlab
reference_type = node.attr('data-reference-filter')
reference_filter = reference_type.constantize
 
return unless reference_filter.user_can_reference?(current_user, node)
return unless reference_filter.user_can_reference?(current_user, node, context)
 
references = reference_filter.referenced_by(node)
return unless references
lib/gitlab/markdown/user_reference_filter.rb
+ 1
1
View file @ 72afcbcd
@@ -42,7 +42,7 @@ module Gitlab
end
end
 
def self.user_can_reference?(user, node)
def self.user_can_reference?(user, node, context)
if node.has_attribute?('data-group')
group = Group.find(node.attr('data-group')) rescue nil
Ability.abilities.allowed?(user, :read_group, group)
spec/lib/gitlab/reference_extractor_spec.rb
+ 2
2
View file @ 72afcbcd
@@ -2,7 +2,7 @@ require 'spec_helper'
 
describe Gitlab::ReferenceExtractor do
let(:project) { create(:project) }
subject { Gitlab::ReferenceExtractor.new(project, project.owner) }
subject { Gitlab::ReferenceExtractor.new(project, project.creator) }
 
it 'accesses valid user objects' do
@u_foo = create(:user, username: 'foo')
@@ -102,7 +102,7 @@ describe Gitlab::ReferenceExtractor do
let(:issue) { create(:issue, project: other_project) }
 
before do
other_project.team << [project.owner, :developer]
other_project.team << [project.creator, :developer]
end
 
it 'handles project issue references' do
spec/support/mentionable_shared_examples.rb
+ 2
0
View file @ 72afcbcd
@@ -50,6 +50,8 @@ def common_mentionable_setup
}
extra_commits.each { |c| commitmap[c.short_id] = c }
 
allow(Project).to receive(:find).and_call_original
allow(Project).to receive(:find).with(project.id.to_s).and_return(project)
allow(project.repository).to receive(:commit) { |sha| commitmap[sha] }
 
set_mentionable_text.call(ref_string)
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment