Merge branch 'prevent_authored_awardable_votes' into 'master'

prevent authored awardable thumbs votes ## What does this MR do? This MR should prevent users from upvoting or downvoting issues/merge requests/notes authored by them. ## What are the relevant issue numbers? Closes #20913 See merge request !5841
author: Robert Speicher <robert@gitlab.com> 2016-08-31 01:32:17 +0300
committer: Robert Speicher <robert@gitlab.com> 2016-08-31 01:32:17 +0300
commit: b8d44c4c4d7cb252ee39be9dceb657d3e5522ed1 (patch)
tree: 1d252bf2161d36e79723a743199a4ec05f2ac707 /app
parent: 7dd97cff3448b6b5d081829e782823113c2db91f (diff)
parent: 5c5d13c42d152ba58818a572a51e796cba4a281d (diff)
4 files changed, 27 insertions, 3 deletions
diff --git a/app/controllers/concerns/toggle_award_emoji.rb b/app/controllers/concerns/toggle_award_emoji.rb
index 036777c80c1..172d5344b7a 100644
--- a/app/controllers/concerns/toggle_award_emoji.rb
+++ b/app/controllers/concerns/toggle_award_emoji.rb
@@ -8,10 +8,14 @@ module ToggleAwardEmoji
   def toggle_award_emoji
     name = params.require(:name)
 
-    awardable.toggle_award_emoji(name, current_user)
-    TodoService.new.new_award_emoji(to_todoable(awardable), current_user)
+    if awardable.user_can_award?(current_user, name)
+      awardable.toggle_award_emoji(name, current_user)
+      TodoService.new.new_award_emoji(to_todoable(awardable), current_user)
 
-    render json: { ok: true }
+      render json: { ok: true }
+    else
+      render json: { ok: false }
+    end
   end
 
   private
diff --git a/app/models/concerns/awardable.rb b/app/models/concerns/awardable.rb
index 800a16ab246..83f5bc1fa9e 100644
--- a/app/models/concerns/awardable.rb
+++ b/app/models/concerns/awardable.rb
@@ -59,6 +59,18 @@ module Awardable
     true
   end
 
+  def awardable_votes?(name)
+    AwardEmoji::UPVOTE_NAME == name || AwardEmoji::DOWNVOTE_NAME == name
+  end
+
+  def user_can_award?(current_user, name)
+    if user_authored?(current_user)
+      !awardable_votes?(normalize_name(name))
+    else
+      true
+    end
+  end
+
   def awarded_emoji?(emoji_name, current_user)
     award_emoji.where(name: emoji_name, user: current_user).exists?
   end
diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb
index 8e11d4f57cf..22231b2e0f0 100644
--- a/app/models/concerns/issuable.rb
+++ b/app/models/concerns/issuable.rb
@@ -196,6 +196,10 @@ module Issuable
     end
   end
 
+  def user_authored?(user)
+    user == author
+  end
+
   def subscribed_without_subscriptions?(user)
     participants(user).include?(user)
   end
diff --git a/app/models/note.rb b/app/models/note.rb
index f2656df028b..b94e3cff2ce 100644
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -223,6 +223,10 @@ class Note < ActiveRecord::Base
     end
   end
 
+  def user_authored?(user)
+    user == author
+  end
+
   def award_emoji?
     can_be_award_emoji? && contains_emoji_only?
   end
author	Robert Speicher <robert@gitlab.com>	2016-08-31 01:32:17 +0300
committer	Robert Speicher <robert@gitlab.com>	2016-08-31 01:32:17 +0300
commit	b8d44c4c4d7cb252ee39be9dceb657d3e5522ed1 (patch)
tree	1d252bf2161d36e79723a743199a4ec05f2ac707 /app
parent	7dd97cff3448b6b5d081829e782823113c2db91f (diff)
parent	5c5d13c42d152ba58818a572a51e796cba4a281d (diff)