diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-02-27 17:20:11 +0300 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-02-27 17:20:11 +0300 |
commit | 476b07b12a2b6f47878fcf06479e77f4e1850d03 (patch) | |
tree | 866cbfcd480700d4d446e5adae396dece1b1192f /app | |
parent | 9bf7ca89711064214c12b584192ae22aeb9193c2 (diff) | |
parent | ffcc3f57d6f7aec968a1b9fe4b408a498d3bf880 (diff) |
Merge branch '11-7-security-2799-emails' into '11-7-stable'
Remove link after issue move when no permissions
See merge request gitlab/gitlabhq!2956
Diffstat (limited to 'app')
-rw-r--r-- | app/mailers/emails/issues.rb | 1 | ||||
-rw-r--r-- | app/views/notify/issue_moved_email.html.haml | 11 | ||||
-rw-r--r-- | app/views/notify/issue_moved_email.text.erb | 4 |
3 files changed, 12 insertions, 4 deletions
diff --git a/app/mailers/emails/issues.rb b/app/mailers/emails/issues.rb index 654ae211310..d2e334fb856 100644 --- a/app/mailers/emails/issues.rb +++ b/app/mailers/emails/issues.rb @@ -74,6 +74,7 @@ module Emails @new_issue = new_issue @new_project = new_issue.project + @can_access_project = recipient.can?(:read_project, @new_project) mail_answer_thread(issue, issue_thread_options(updated_by_user.id, recipient.id, reason)) end diff --git a/app/views/notify/issue_moved_email.html.haml b/app/views/notify/issue_moved_email.html.haml index 472c31e9a5e..b766cb1a523 100644 --- a/app/views/notify/issue_moved_email.html.haml +++ b/app/views/notify/issue_moved_email.html.haml @@ -1,6 +1,9 @@ %p Issue was moved to another project. -%p - New issue: - = link_to project_issue_url(@new_project, @new_issue) do - = @new_issue.title +- if @can_access_project + %p + New issue: + = link_to project_issue_url(@new_project, @new_issue) do + = @new_issue.title +- else + You don't have access to the project. diff --git a/app/views/notify/issue_moved_email.text.erb b/app/views/notify/issue_moved_email.text.erb index 66ede43635b..985e689aa9d 100644 --- a/app/views/notify/issue_moved_email.text.erb +++ b/app/views/notify/issue_moved_email.text.erb @@ -1,4 +1,8 @@ Issue was moved to another project. +<% if @can_access_project %> New issue location: <%= project_issue_url(@new_project, @new_issue) %> +<% else %> +You don't have access to the project. +<% end %> |