diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-29 00:59:16 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-29 00:59:16 +0300 |
commit | ba2dd425136ba32ccb9793b5c10e5f26910970a2 (patch) | |
tree | e8955d82a92ae42c378a6efdd5d8249837708703 /app/policies/note_policy.rb | |
parent | 16918719748469eb301797d7ec94da59269fa197 (diff) |
Add latest changes from gitlab-org/security/gitlab@15-2-stable-ee
Diffstat (limited to 'app/policies/note_policy.rb')
-rw-r--r-- | app/policies/note_policy.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/policies/note_policy.rb b/app/policies/note_policy.rb index e85f18f2d37..1bffcc5aea2 100644 --- a/app/policies/note_policy.rb +++ b/app/policies/note_policy.rb @@ -20,6 +20,7 @@ class NotePolicy < BasePolicy condition(:confidential, scope: :subject) { @subject.confidential? } + # If this condition changes IssuablePolicy#read_confidential_notes should be updated too condition(:can_read_confidential) do access_level >= Gitlab::Access::REPORTER || @subject.noteable_assignee_or_author?(@user) || admin? end |