Add latest changes from gitlab-org/security/gitlab@12-4-stable-ee

4 files changed, 11 insertions, 3 deletions

diff --git a/app/controllers/profiles/notifications_controller.rb b/app/controllers/profiles/notifications_controller.rb
index 5f44e55f3ef..d295b64082c 100644
--- a/app/controllers/profiles/notifications_controller.rb
+++ b/app/controllers/profiles/notifications_controller.rb
@@ -11,6 +11,7 @@ class Profiles::NotificationsController < Profiles::ApplicationController
       exclude_group_ids: @group_notifications.select(:source_id)
     ).execute.map { |group| current_user.notification_settings_for(group, inherit: true) }
     @project_notifications = current_user.notification_settings.for_projects.order(:id)
+                             .select { |notification| current_user.can?(:read_project, notification.source) }
     @global_notification_setting = current_user.global_notification_setting
   end
   # rubocop: enable CodeReuse/ActiveRecord
diff --git a/app/helpers/notifications_helper.rb b/app/helpers/notifications_helper.rb
index 8855e0cdd70..9a64fe98f86 100644
--- a/app/helpers/notifications_helper.rb
+++ b/app/helpers/notifications_helper.rb
@@ -116,4 +116,8 @@ module NotificationsHelper
   def show_unsubscribe_title?(noteable)
     can?(current_user, "read_#{noteable.to_ability_name}".to_sym, noteable)
   end
+
+  def can_read_project?(project)
+    can?(current_user, :read_project, project)
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index eec8ad6edbb..2fe74617102 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1308,7 +1308,7 @@ class User < ApplicationRecord
         .select('ci_runners.*')
 
       group_runners = Ci::RunnerNamespace
-        .where(namespace_id: owned_or_maintainers_groups.select(:id))
+        .where(namespace_id: owned_groups.select(:id))
         .joins(:runner)
         .select('ci_runners.*')
 
diff --git a/app/views/sent_notifications/unsubscribe.html.haml b/app/views/sent_notifications/unsubscribe.html.haml
index 22fcfcda297..1eecbe3bc0e 100644
--- a/app/views/sent_notifications/unsubscribe.html.haml
+++ b/app/views/sent_notifications/unsubscribe.html.haml
@@ -1,13 +1,16 @@
 - noteable = @sent_notification.noteable
 - noteable_type = @sent_notification.noteable_type.titleize.downcase
 - noteable_text = show_unsubscribe_title?(noteable) ? %(#{noteable.title} (#{noteable.to_reference})) : %(#{noteable.to_reference})
-- page_title _("Unsubscribe"), noteable_text, noteable_type.pluralize, @sent_notification.project.full_name
+- show_project_path = can_read_project?(@sent_notification.project)
+- project_path = show_project_path ? @sent_notification.project.full_name : _("GitLab / Unsubscribe")
+- noteable_url = show_project_path ? url_for([@sent_notification.project.namespace.becomes(Namespace), @sent_notification.project, noteable]) : breadcrumb_title_link
+- page_title _('Unsubscribe'), noteable_text, noteable_type.pluralize, project_path
 
 %h3.page-title
   = _("Unsubscribe from %{type}") % { type: noteable_type }
 
 %p
-  - link_to_noteable_text = link_to(noteable_text, url_for([@sent_notification.project.namespace.becomes(Namespace), @sent_notification.project, noteable]))
+  - link_to_noteable_text = link_to(noteable_text, noteable_url)
   = _("Are you sure you want to unsubscribe from the %{type}: %{link_to_noteable_text}?").html_safe % { type: noteable_type, link_to_noteable_text: link_to_noteable_text }
 
 %p