diff options
author | John T Skarbek <jskarbek@gitlab.com> | 2019-08-14 21:11:04 +0300 |
---|---|---|
committer | John T Skarbek <jskarbek@gitlab.com> | 2019-08-14 21:11:04 +0300 |
commit | 2b2efbc609a85093238ee3bec94358670021d0e5 (patch) | |
tree | 671ff737363c10b61e4a970e1c108319cc07e37d /app/models/project_services | |
parent | affa81eb79ec0ca01a1a0c2733cc5cdffb3b9ff1 (diff) | |
parent | 7b52cff4896c8f681aea34fb273209400cf3e06e (diff) |
Merge remote-tracking branch 'dev/security-2873-restrict-slash-commands-to-users-who-can-log-in'
Diffstat (limited to 'app/models/project_services')
-rw-r--r-- | app/models/project_services/slash_commands_service.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/app/models/project_services/slash_commands_service.rb b/app/models/project_services/slash_commands_service.rb index 5f5cff97808..cb16ad75d14 100644 --- a/app/models/project_services/slash_commands_service.rb +++ b/app/models/project_services/slash_commands_service.rb @@ -35,6 +35,8 @@ class SlashCommandsService < Service chat_user = find_chat_user(params) if chat_user&.user + return Gitlab::SlashCommands::Presenters::Access.new.access_denied unless chat_user.user.can?(:use_slash_commands) + Gitlab::SlashCommands::Command.new(project, chat_user, params).execute else url = authorize_chat_name_url(params) |