Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/services/issues/base_service.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/services/issues/base_service.rb')
-rw-r--r--app/services/issues/base_service.rb12
1 files changed, 12 insertions, 0 deletions
diff --git a/app/services/issues/base_service.rb b/app/services/issues/base_service.rb
index 0ed2b08b7b1..978ea6fe9bc 100644
--- a/app/services/issues/base_service.rb
+++ b/app/services/issues/base_service.rb
@@ -34,6 +34,18 @@ module Issues
private
+ def filter_params(merge_request)
+ super
+
+ moved_issue = params.delete(:moved_issue)
+
+ # Setting created_at, updated_at and iid is allowed only for admins and owners or
+ # when moving an issue as we preserve the original issue attributes except id and iid.
+ params.delete(:iid) unless current_user.can?(:set_issue_iid, project)
+ params.delete(:created_at) unless moved_issue || current_user.can?(:set_issue_created_at, project)
+ params.delete(:updated_at) unless moved_issue || current_user.can?(:set_issue_updated_at, project)
+ end
+
def create_assignee_note(issue, old_assignees)
SystemNoteService.change_issuable_assignees(
issue, issue.project, current_user, old_assignees)
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-14 09:16:03 +0300