Prevent award_emoji to notes not visible to user

When the parent noteable is not visible to the user (e.g. confidential) we prevent the user from adding emoji reactions to notes
author: Heinrich Lee Yu <hleeyu@gmail.com> 2019-01-15 11:21:28 +0300
committer: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-31 18:51:17 +0300
commit: 9f67b886b2cf425329a4dc792e6c41cf571ab102 (patch)
tree: 47ab49b0caeb53991849b29c18504543573591b1 /changelogs
parent: 6c0758f69b616374332dce672e3ca0e964274cbc (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-2776-fix-add-reaction-permissions.yml b/changelogs/unreleased/security-2776-fix-add-reaction-permissions.yml
new file mode 100644
index 00000000000..3ad92578c44
--- /dev/null
+++ b/changelogs/unreleased/security-2776-fix-add-reaction-permissions.yml
@@ -0,0 +1,5 @@
+---
+title: Prevent awarding emojis to notes whose parent is not visible to user
+merge_request:
+author:
+type: security
author	Heinrich Lee Yu <hleeyu@gmail.com>	2019-01-15 11:21:28 +0300
committer	Yorick Peterse <yorickpeterse@gmail.com>	2019-01-31 18:51:17 +0300
commit	9f67b886b2cf425329a4dc792e6c41cf571ab102 (patch)
tree	47ab49b0caeb53991849b29c18504543573591b1 /changelogs
parent	6c0758f69b616374332dce672e3ca0e964274cbc (diff)