Unverified Commit 0bcfe9a0 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Dont allow set assignee, milestone or labels if user is guest

parent 5ff870a0
@@ -26,4 +26,18 @@ class IssuableBaseService < BaseService
@@ -26,4 +26,18 @@ class IssuableBaseService < BaseService
issuable, issuable.project, current_user, branch_type, issuable, issuable.project, current_user, branch_type,
old_branch, new_branch) old_branch, new_branch)
end end
def filter_params
unless can?(current_user, :set_milestone, project)
params.delete(:milestone_id)
end
unless can?(current_user, :set_label, project)
params.delete(:label_ids)
end
unless can?(current_user, :set_assignee, project)
params.delete(:assignee_id)
end
end
end end
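Review bot: `filter_params` deletes only the symbol keys `:milestone_id`, `:label_ids` and `:assignee_id`, so it is effective only if `params` is symbol-keyed or an indifferent-access hash. That is not visible in this hunk, and a string-keyed hash from another entry point would pass through unfiltered. It is also a denylist that each service's `execute` has to remember to call, so a new issuable service, or a new permission-gated attribute, is unprotected by default. I would add a comment above the method, `# Drops milestone, label and assignee params that current_user may not set on project; must run before params reach the model.`, and a spec that runs each service as a guest and asserts the three attributes are unchanged. The enclosing class starts outside the hunk, so whether the method sits under `private` cannot be confirmed from here.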
module Issues module Issues
class CreateService < Issues::BaseService class CreateService < Issues::BaseService
def execute def execute
filter_params
label_params = params[:label_ids] label_params = params[:label_ids]
issue = project.issues.new(params.except(:label_ids)) issue = project.issues.new(params.except(:label_ids))
issue.author = current_user issue.author = current_user
@@ -17,6 +17,7 @@ module Issues
@@ -17,6 +17,7 @@ module Issues
params[:assignee_id] = "" if params[:assignee_id] == IssuableFinder::NONE params[:assignee_id] = "" if params[:assignee_id] == IssuableFinder::NONE
params[:milestone_id] = "" if params[:milestone_id] == IssuableFinder::NONE params[:milestone_id] = "" if params[:milestone_id] == IssuableFinder::NONE
   
filter_params
old_labels = issue.labels.to_a old_labels = issue.labels.to_a
   
if params.present? && issue.update_attributes(params.except(:state_event, if params.present? && issue.update_attributes(params.except(:state_event,
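Review bot: Because `filter_params` runs before the `params.present?` guard, a guest request that carries only a milestone, label or assignee change leaves `params` empty and skips the update branch with no signal that anything was dropped. What `execute` returns in that case is outside the hunk, but a silent no-op makes denied attempts invisible to both the user and any audit trail. Consider recording the stripped keys, for example by having `filter_params` return them, so the caller can surface a permission error or log the attempt. The same ordering appears in the MergeRequests update hunk, at `if params.present? && merge_request.update_attributes(`.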
module MergeRequests module MergeRequests
class CreateService < MergeRequests::BaseService class CreateService < MergeRequests::BaseService
def execute def execute
filter_params
label_params = params[:label_ids] label_params = params[:label_ids]
merge_request = MergeRequest.new(params.except(:label_ids)) merge_request = MergeRequest.new(params.except(:label_ids))
merge_request.source_project = project merge_request.source_project = project
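Review bot: `filter_params` checks `:set_milestone`, `:set_label` and `:set_assignee` against `project`, which this method then assigns as `merge_request.source_project`. If the target project can differ from the source, as with a merge request from a fork, the abilities are evaluated on the project the author controls rather than the one that receives the milestone, labels and assignee. How the target project is resolved is not shown in this hunk, so please confirm the check runs against the target. If it does not, pass the project explicitly, e.g. `filter_params(target_project)`, and add a spec for a fork author who is a guest on the target.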
@@ -27,6 +27,7 @@ module MergeRequests
@@ -27,6 +27,7 @@ module MergeRequests
params[:assignee_id] = "" if params[:assignee_id] == IssuableFinder::NONE params[:assignee_id] = "" if params[:assignee_id] == IssuableFinder::NONE
params[:milestone_id] = "" if params[:milestone_id] == IssuableFinder::NONE params[:milestone_id] = "" if params[:milestone_id] == IssuableFinder::NONE
   
filter_params
old_labels = merge_request.labels.to_a old_labels = merge_request.labels.to_a
   
if params.present? && merge_request.update_attributes( if params.present? && merge_request.update_attributes(