diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/concerns/milestone_actions.rb | 2 | ||||
-rw-r--r-- | app/controllers/groups/milestones_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/sent_notifications_controller.rb | 6 |
3 files changed, 14 insertions, 6 deletions
diff --git a/app/controllers/concerns/milestone_actions.rb b/app/controllers/concerns/milestone_actions.rb index 8b8b7db72f8..1ead631663e 100644 --- a/app/controllers/concerns/milestone_actions.rb +++ b/app/controllers/concerns/milestone_actions.rb @@ -20,7 +20,7 @@ module MilestoneActions format.html { redirect_to milestone_redirect_path } format.json do render json: tabs_json("shared/milestones/_participants_tab", { - users: @milestone.participants # rubocop:disable Gitlab/ModuleWithInstanceVariables + users: @milestone.issue_participants_visible_by_user(current_user) # rubocop:disable Gitlab/ModuleWithInstanceVariables }) end end diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb index 58df6f66d50..1eacae06457 100644 --- a/app/controllers/groups/milestones_controller.rb +++ b/app/controllers/groups/milestones_controller.rb @@ -3,14 +3,13 @@ class Groups::MilestonesController < Groups::ApplicationController include MilestoneActions - before_action :group_projects before_action :milestone, only: [:edit, :show, :update, :merge_requests, :participants, :labels, :destroy] before_action :authorize_admin_milestones!, only: [:edit, :new, :create, :update, :destroy] def index respond_to do |format| format.html do - @milestone_states = Milestone.states_count(group_projects, [group]) + @milestone_states = Milestone.states_count(group_projects_with_access, [group]) @milestones = Kaminari.paginate_array(milestones).page(params[:page]) end format.json do @@ -100,13 +99,18 @@ class Groups::MilestonesController < Groups::ApplicationController end def legacy_milestones - GroupMilestone.build_collection(group, group_projects, params) + GroupMilestone.build_collection(group, group_projects_with_access, params) + end + + def group_projects_with_access + group_projects.with_issues_available_for_user(current_user) + .or(group_projects.with_merge_requests_available_for_user(current_user)) end def milestone @milestone = if params[:title] - GroupMilestone.build(group, group_projects, params[:title]) + GroupMilestone.build(group, group_projects_with_access, params[:title]) else group.milestones.find_by_iid(params[:id]) end diff --git a/app/controllers/sent_notifications_controller.rb b/app/controllers/sent_notifications_controller.rb index 51a67cd2e3b..893f5145e99 100644 --- a/app/controllers/sent_notifications_controller.rb +++ b/app/controllers/sent_notifications_controller.rb @@ -19,7 +19,11 @@ class SentNotificationsController < ApplicationController flash[:notice] = _("You have been unsubscribed from this thread.") if current_user - redirect_to noteable_path(noteable) + if current_user.can?(:"read_#{noteable.class.to_ability_name}", noteable) + redirect_to noteable_path(noteable) + else + redirect_to root_path + end else redirect_to new_user_session_path end |