diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-12-03 13:00:26 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-12-03 13:00:56 +0300 |
| commit | 7418d0b3ebed03b22d42b1714f8de064b95aa425 (patch) | |
| tree | db850d1ad45ac91912d52ce2affb0e984990f3e4 /app | |
| parent | 6aefeb24873b0957456ae0deacbb431fc79a6a28 (diff) | |
Add latest changes from gitlab-org/security/gitlab@14-5-stable-ee
Diffstat (limited to 'app')
| -rw-r--r-- | app/models/todo.rb | 2 | ||||
| -rw-r--r-- | app/policies/issuable_policy.rb | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/app/models/todo.rb b/app/models/todo.rb index 742b8fd2a9d..cfcb2201b80 100644 --- a/app/models/todo.rb +++ b/app/models/todo.rb @@ -69,7 +69,7 @@ class Todo < ApplicationRecord scope :for_type, -> (type) { where(target_type: type) } scope :for_target, -> (id) { where(target_id: id) } scope :for_commit, -> (id) { where(commit_id: id) } - scope :with_entity_associations, -> { preload(:target, :author, :note, group: :route, project: [:route, { namespace: :route }]) } + scope :with_entity_associations, -> { preload(:target, :author, :note, group: :route, project: [:route, { namespace: [:route, :owner] }]) } scope :joins_issue_and_assignees, -> { left_joins(issue: :assignees) } enum resolved_by_action: { system_done: 0, api_all_done: 1, api_done: 2, mark_all_done: 3, mark_done: 4 }, _prefix: :resolved_by diff --git a/app/policies/issuable_policy.rb b/app/policies/issuable_policy.rb index 39ce26526e6..ed5a0f24ed0 100644 --- a/app/policies/issuable_policy.rb +++ b/app/policies/issuable_policy.rb @@ -17,7 +17,9 @@ class IssuablePolicy < BasePolicy enable :read_issue enable :update_issue enable :reopen_issue - enable :read_merge_request + end + + rule { can?(:read_merge_request) & assignee_or_author }.policy do enable :update_merge_request enable :reopen_merge_request end |