diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-02-27 17:22:22 +0300 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-02-27 17:22:22 +0300 |
commit | dae57f565cbb16424379f896e72441484d4ecdd7 (patch) | |
tree | 36fc37823ed4b9dfdd9b5c484b1c558094a43f39 /app | |
parent | 7018c57a63f6e9422be4a5b6cbf8d4db743d4883 (diff) | |
parent | 8fbc73d2c096e93759baa04824d7a6fa4f5551f6 (diff) |
Merge branch '11-7-security-2797-milestone-mrs' into '11-7-stable'
Show only MRs visible to user on milestone detail
See merge request gitlab/gitlabhq!2924
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/concerns/milestone_actions.rb | 2 | ||||
-rw-r--r-- | app/models/concerns/milestoneish.rb | 11 |
2 files changed, 10 insertions, 3 deletions
diff --git a/app/controllers/concerns/milestone_actions.rb b/app/controllers/concerns/milestone_actions.rb index eccbe35577b..c0c0160a827 100644 --- a/app/controllers/concerns/milestone_actions.rb +++ b/app/controllers/concerns/milestone_actions.rb @@ -8,7 +8,7 @@ module MilestoneActions format.html { redirect_to milestone_redirect_path } format.json do render json: tabs_json("shared/milestones/_merge_requests_tab", { - merge_requests: @milestone.sorted_merge_requests, # rubocop:disable Gitlab/ModuleWithInstanceVariables + merge_requests: @milestone.sorted_merge_requests(current_user), # rubocop:disable Gitlab/ModuleWithInstanceVariables show_project_name: true }) end diff --git a/app/models/concerns/milestoneish.rb b/app/models/concerns/milestoneish.rb index 055ffe04646..39372c4f68b 100644 --- a/app/models/concerns/milestoneish.rb +++ b/app/models/concerns/milestoneish.rb @@ -46,12 +46,19 @@ module Milestoneish end end + def merge_requests_visible_to_user(user) + memoize_per_user(user, :merge_requests_visible_to_user) do + MergeRequestsFinder.new(user, {}) + .execute.where(milestone_id: milestoneish_id) + end + end + def sorted_issues(user) issues_visible_to_user(user).preload_associations.sort_by_attribute('label_priority') end - def sorted_merge_requests - merge_requests.sort_by_attribute('label_priority') + def sorted_merge_requests(user) + merge_requests_visible_to_user(user).sort_by_attribute('label_priority') end def upcoming? |