diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-09-26 16:53:20 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-09-26 16:53:20 +0300 |
commit | 020df25cd84acd8baa1f61be8f32153a7928336b (patch) | |
tree | 9d34f8eb184827ea49115477d96c04b3118b265e /app | |
parent | 42902b2fcba875241edca5ed5b24c6eb8108b4d0 (diff) | |
parent | f37b0cd625f858f7db5d0075b9487909f791b04a (diff) |
Merge branch 'security-12718-project-milestones-disclosed-via-groups-12-3-ce' into '12-3-stable'
Hide disabled project milestones in project settings on group level
See merge request gitlab/gitlabhq!3424
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/groups/milestones_controller.rb | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb index 58df6f66d50..1eacae06457 100644 --- a/app/controllers/groups/milestones_controller.rb +++ b/app/controllers/groups/milestones_controller.rb @@ -3,14 +3,13 @@ class Groups::MilestonesController < Groups::ApplicationController include MilestoneActions - before_action :group_projects before_action :milestone, only: [:edit, :show, :update, :merge_requests, :participants, :labels, :destroy] before_action :authorize_admin_milestones!, only: [:edit, :new, :create, :update, :destroy] def index respond_to do |format| format.html do - @milestone_states = Milestone.states_count(group_projects, [group]) + @milestone_states = Milestone.states_count(group_projects_with_access, [group]) @milestones = Kaminari.paginate_array(milestones).page(params[:page]) end format.json do @@ -100,13 +99,18 @@ class Groups::MilestonesController < Groups::ApplicationController end def legacy_milestones - GroupMilestone.build_collection(group, group_projects, params) + GroupMilestone.build_collection(group, group_projects_with_access, params) + end + + def group_projects_with_access + group_projects.with_issues_available_for_user(current_user) + .or(group_projects.with_merge_requests_available_for_user(current_user)) end def milestone @milestone = if params[:title] - GroupMilestone.build(group, group_projects, params[:title]) + GroupMilestone.build(group, group_projects_with_access, params[:title]) else group.milestones.find_by_iid(params[:id]) end |