diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-03-26 18:29:04 +0300 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-03-26 18:29:04 +0300 |
| commit | f6474895fbcc13d21db166b255a9c0741402ce37 (patch) | |
| tree | 69ddd42aad4bc01a739bfbf8fe4e48768c5206a7 /app | |
| parent | 9057899166978f99de8ce1d9edc0c8e048c28c67 (diff) | |
| parent | 53e34cedafc59f18621bdf9d26adc82b7897a306 (diff) | |
Merge branch 'security-56224-11-7' into '11-7-stable'
Fix related branches visible in issues for guests
See merge request gitlab/gitlabhq!3020
Diffstat (limited to 'app')
| -rw-r--r-- | app/assets/javascripts/issue.js | 4 | ||||
| -rw-r--r-- | app/controllers/projects/issues_controller.rb | 1 | ||||
| -rw-r--r-- | app/views/projects/issues/show.html.haml | 5 |
3 files changed, 7 insertions, 3 deletions
diff --git a/app/assets/javascripts/issue.js b/app/assets/javascripts/issue.js index 94b78907d9a..b3508f36cf9 100644 --- a/app/assets/javascripts/issue.js +++ b/app/assets/javascripts/issue.js @@ -16,7 +16,9 @@ export default class Issue { Issue.createMrDropdownWrap = document.querySelector('.create-mr-dropdown-wrap'); Issue.initMergeRequests(); - Issue.initRelatedBranches(); + if (document.querySelector('#related-branches')) { + Issue.initRelatedBranches(); + } this.closeButtons = $('a.btn-close'); this.reopenButtons = $('a.btn-reopen'); diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb index f45cac86f5a..80ba613054c 100644 --- a/app/controllers/projects/issues_controller.rb +++ b/app/controllers/projects/issues_controller.rb @@ -38,6 +38,7 @@ class Projects::IssuesController < Projects::ApplicationController before_action :authorize_create_merge_request_from!, only: [:create_merge_request] before_action :authorize_import_issues!, only: [:import_csv] + before_action :authorize_download_code!, only: [:related_branches] before_action :set_suggested_issues_feature_flags, only: [:new] diff --git a/app/views/projects/issues/show.html.haml b/app/views/projects/issues/show.html.haml index f048fb91304..277a28c8fe5 100644 --- a/app/views/projects/issues/show.html.haml +++ b/app/views/projects/issues/show.html.haml @@ -74,8 +74,9 @@ #merge-requests{ data: { url: referenced_merge_requests_project_issue_path(@project, @issue) } } // This element is filled in using JavaScript. - #related-branches{ data: { url: related_branches_project_issue_path(@project, @issue) } } - // This element is filled in using JavaScript. + - if can?(current_user, :download_code, @project) + #related-branches{ data: { url: related_branches_project_issue_path(@project, @issue) } } + // This element is filled in using JavaScript. .content-block.emoji-block.emoji-block-sticky .row |