Filter not accessible label events

Label events may use cross-project or cross-group references, if the projects are not accessible by user, we don't show these label events.
author: Jan Provaznik <jprovaznik@gitlab.com> 2019-09-17 15:38:09 +0300
committer: Yorick Peterse <yorick@yorickpeterse.com> 2019-09-30 15:22:04 +0300
commit: 2bb752322ed52dffa2741f0c2608e65a447ee1c4 (patch)
tree: c4de2c4827d81656b58862a56e1c7d6a9f3fb07c /app/policies
parent: 6a49482316c2dfb003c5c8d0646bc80a9ce50df8 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/app/policies/resource_label_event_policy.rb b/app/policies/resource_label_event_policy.rb
new file mode 100644
index 00000000000..de4748d9890
--- /dev/null
+++ b/app/policies/resource_label_event_policy.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+class ResourceLabelEventPolicy < BasePolicy
+  condition(:can_read_label) { @subject.label_id.nil? || can?(:read_label, @subject.label) }
+  condition(:can_read_issuable) { can?(:"read_#{@subject.issuable.to_ability_name}", @subject.issuable) }
+
+  rule { can_read_label }.policy do
+    enable :read_label
+  end
+
+  rule { can_read_label & can_read_issuable }.policy do
+    enable :read_resource_label_event
+  end
+end
author	Jan Provaznik <jprovaznik@gitlab.com>	2019-09-17 15:38:09 +0300
committer	Yorick Peterse <yorick@yorickpeterse.com>	2019-09-30 15:22:04 +0300
commit	2bb752322ed52dffa2741f0c2608e65a447ee1c4 (patch)
tree	c4de2c4827d81656b58862a56e1c7d6a9f3fb07c /app/policies
parent	6a49482316c2dfb003c5c8d0646bc80a9ce50df8 (diff)