diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 18:58:24 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 18:58:24 +0300 |
commit | 771f3fb9aae6129f5e6209e2f77e996e4562f176 (patch) | |
tree | 63bc9c174b9657a737a1c6623c0c8ec5157ac0b7 /app/models | |
parent | c7ee6535d491c4595b4e1e2736032d7d679ddb0d (diff) | |
parent | 6ff7788d4cb6fcfec1ec1a2e9d42c04a0eb31891 (diff) |
Merge branch 'security-2914-labels-visible-despite-no-access-to-issues-repositories' into 'master'
Labels visible despite no access to issues & repositories
See merge request gitlab/gitlabhq!3409
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/project.rb | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/app/models/project.rb b/app/models/project.rb index f12adc489a2..16317b5827a 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -614,11 +614,11 @@ class Project < ApplicationRecord joins(:namespace).where(namespaces: { type: 'Group' }).select(:namespace_id) end - # Returns ids of projects with milestones available for given user + # Returns ids of projects with issuables available for given user # - # Used on queries to find milestones which user can see - # For example: Milestone.where(project_id: ids_with_milestone_available_for(user)) - def ids_with_milestone_available_for(user) + # Used on queries to find milestones or labels which user can see + # For example: Milestone.where(project_id: ids_with_issuables_available_for(user)) + def ids_with_issuables_available_for(user) with_issues_enabled = with_issues_available_for_user(user).select(:id) with_merge_requests_enabled = with_merge_requests_available_for_user(user).select(:id) |