Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-12-14 12:08:01 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-12-14 12:08:01 +0300
commit: af60c8a79f77c8230292a133fb9d09dab5cd5cd3 (patch)
tree: 7db57df336144ae99b2e299e467b6c75f3356daf /app/policies/note_policy.rb
parent: b747a99e48ac36c351ec6f4329b8e5f75d5ed253 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/app/policies/note_policy.rb b/app/policies/note_policy.rb
index 67b57595beb..9fd95bbe42d 100644
--- a/app/policies/note_policy.rb
+++ b/app/policies/note_policy.rb
@@ -20,12 +20,20 @@ class NotePolicy < BasePolicy
 
   condition(:confidential, scope: :subject) { @subject.confidential? }
 
+  # if noteable is a work item it needs to check the notes widget availability
+  condition(:notes_widget_enabled, scope: :subject) do
+    !@subject.noteable.respond_to?(:work_item_type) ||
+      @subject.noteable.work_item_type.widgets.include?(::WorkItems::Widgets::Notes)
+  end
+
   # Should be matched with IssuablePolicy#read_internal_note
   # and EpicPolicy#read_internal_note
   condition(:can_read_confidential) do
     access_level >= Gitlab::Access::REPORTER || admin?
   end
 
+  rule { ~notes_widget_enabled }.prevent_all
+
   rule { ~editable }.prevent :admin_note
 
   # If user can't read the issue/MR/etc then they should not be allowed to do anything to their own notes
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-12-14 12:08:01 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-12-14 12:08:01 +0300
commit	af60c8a79f77c8230292a133fb9d09dab5cd5cd3 (patch)
tree	7db57df336144ae99b2e299e467b6c75f3356daf /app/policies/note_policy.rb
parent	b747a99e48ac36c351ec6f4329b8e5f75d5ed253 (diff)