diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 15:48:37 +0300 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 15:48:40 +0300 |
commit | f4ef3ed11a575f54a70712ae69c47c8b182f213c (patch) | |
tree | 85b1535e1e86822fd6fd52f0cb438fd11c3081a1 /lib | |
parent | e3eb245f1da5f66a402aaf87b67387e6c414223c (diff) |
Merge branch 'security-2779-fix-email-comment-permissions-check-11-7' into 'security-11-7'
[11.7] Fix discussion replies permissions check
See merge request gitlab/gitlabhq!2824
(cherry picked from commit 9b4e7708495abe1fc3d8dc7f8ab41cc86206fff4)
d845ca7d Prevent comments by email when issue is locked
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/email/handler/reply_processing.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gitlab/email/handler/reply_processing.rb b/lib/gitlab/email/handler/reply_processing.rb index ba9730d2685..d8f4be8ada1 100644 --- a/lib/gitlab/email/handler/reply_processing.rb +++ b/lib/gitlab/email/handler/reply_processing.rb @@ -56,7 +56,7 @@ module Gitlab raise ProjectNotFound unless author.can?(:read_project, project) end - raise UserNotAuthorizedError unless author.can?(permission, project || noteable) + raise UserNotAuthorizedError unless author.can?(permission, try(:noteable) || project) end def verify_record!(record:, invalid_exception:, record_name:) |