From e62b5a2b072eb1bc8587b095e906bd194475eacc Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Fri, 27 Mar 2015 12:19:34 +0100
Subject: [PATCH] Only allow user to see participants from groups they have
 access to.

---
 app/models/concerns/issuable.rb                           | 8 ++++----
 app/models/concerns/mentionable.rb                        | 4 ++--
 app/services/projects/participants_service.rb             | 4 ++--
 app/views/projects/issues/_discussion.html.haml           | 4 ++--
 .../projects/merge_requests/show/_participants.html.haml  | 4 ++--
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb
index 88ac83744df..478134dff68 100644
--- a/app/models/concerns/issuable.rb
+++ b/app/models/concerns/issuable.rb
@@ -118,16 +118,16 @@ module Issuable
   end
 
   # Return all users participating on the discussion
-  def participants
+  def participants(current_user = self.author)
     users = []
     users << author
     users << assignee if is_assigned?
     mentions = []
-    mentions << self.mentioned_users
+    mentions << self.mentioned_users(current_user)
 
     notes.each do |note|
       users << note.author
-      mentions << note.mentioned_users
+      mentions << note.mentioned_users(current_user)
     end
 
     users.concat(mentions.reduce([], :|)).uniq
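Review bot: The default `current_user = self.author` on `participants` means any call site that omits the argument resolves mentions from the author's point of view rather than the viewer's. A caller this patch missed would therefore keep returning the list the commit is trying to restrict, without raising an error. Callers outside the five files in the diffstat are not visible here, so they need a separate check. Dropping the default, `def participants(current_user)`, would make a missed caller raise instead of showing the author's view. The comment above the method should also mention the viewer, e.g. `# Return the users participating in the discussion; mentioned users are limited to those current_user may see`.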
@@ -140,7 +140,7 @@ module Issuable
       return subscription.subscribed
     end
 
-    participants.include?(user)
+    participants(user).include?(user)
   end
 
   def toggle_subscription(user)
diff --git a/app/models/concerns/mentionable.rb b/app/models/concerns/mentionable.rb
index 1ab0a28fddd..41bcfa6be21 100644
--- a/app/models/concerns/mentionable.rb
+++ b/app/models/concerns/mentionable.rb
@@ -42,10 +42,10 @@ module Mentionable
     Note.cross_reference_exists?(target, local_reference)
   end
 
-  def mentioned_users
+  def mentioned_users(current_user = nil)
     return [] if mentionable_text.blank?
 
-    ext = Gitlab::ReferenceExtractor.new(self.project)
+    ext = Gitlab::ReferenceExtractor.new(self.project, current_user)
     ext.analyze(text)
     ext.users.uniq
   end
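Review bot: `mentioned_users(current_user = nil)` leaves the meaning of a nil viewer undocumented. Nil is reachable through the default, and presumably also when the views pass `current_user` for a signed-out visitor. Whether `Gitlab::ReferenceExtractor` treats nil as "no group access" or as "no filtering" is decided outside this diff, so a one-line comment such as `# current_user: viewer whose group access limits the result; nil => <behaviour to confirm>` would pin the contract down. The diffstat lists no spec files, so a regression spec is worth adding for a viewer without access to a mentioned group, and for the nil case.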
diff --git a/app/services/projects/participants_service.rb b/app/services/projects/participants_service.rb
index bcbacbff562..bcdde0950c5 100644
--- a/app/services/projects/participants_service.rb
+++ b/app/services/projects/participants_service.rb
@@ -21,10 +21,10 @@ module Projects
       users = case type
               when "Issue"
                 issue = @project.issues.find_by_iid(id)
-                issue ? issue.participants : []
+                issue ? issue.participants(user) : []
               when "MergeRequest"
                 merge_request = @project.merge_requests.find_by_iid(id)
-                merge_request ? merge_request.participants : []
+                merge_request ? merge_request.participants(user) : []
               when "Commit"
                 author_ids = Note.for_commit_id(id).pluck(:author_id).uniq
                 User.where(id: author_ids)
diff --git a/app/views/projects/issues/_discussion.html.haml b/app/views/projects/issues/_discussion.html.haml
index 0d3028d50b4..288b48f4583 100644
--- a/app/views/projects/issues/_discussion.html.haml
+++ b/app/views/projects/issues/_discussion.html.haml
@@ -9,8 +9,8 @@
     .votes-holder.pull-right
       #votes= render 'votes/votes_block', votable: @issue
     .participants
-      %span= pluralize(@issue.participants.count, 'participant')
-      - @issue.participants.each do |participant|
+      %span= pluralize(@issue.participants(current_user).count, 'participant')
+      - @issue.participants(current_user).each do |participant|
         = link_to_member(@project, participant, name: false, size: 24)
     .voting_notes#notes= render "projects/notes/notes_with_form"
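Review bot: `@issue.participants(current_user)` is called twice in this partial, and each call walks every note and re-runs mention extraction (see `participants` in issuable.rb). Assigning it once, `- participants = @issue.participants(current_user)`, and then using `participants.count` and `participants.each` removes the duplicate work. It also guarantees the count and the rendered avatars come from the same list. The same applies to the two `@merge_request.participants(current_user)` calls in `show/_participants.html.haml`.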
   %aside.col-md-3
diff --git a/app/views/projects/merge_requests/show/_participants.html.haml b/app/views/projects/merge_requests/show/_participants.html.haml
index 4f34af1737d..9c93fa55fe6 100644
--- a/app/views/projects/merge_requests/show/_participants.html.haml
+++ b/app/views/projects/merge_requests/show/_participants.html.haml
@@ -1,4 +1,4 @@
 .participants
-  %span #{@merge_request.participants.count} participants
-  - @merge_request.participants.each do |participant|
+  %span #{@merge_request.participants(current_user).count} participants
+  - @merge_request.participants(current_user).each do |participant|
     = link_to_member(@project, participant, name: false, size: 24)
-- 
GitLab