diff options
Diffstat (limited to 'app/services')
-rw-r--r-- | app/services/issues/base_service.rb | 3 | ||||
-rw-r--r-- | app/services/todos/allowed_target_filter_service.rb | 18 |
2 files changed, 21 insertions, 0 deletions
diff --git a/app/services/issues/base_service.rb b/app/services/issues/base_service.rb index bf66a33a7b2..5e0a86fdeee 100644 --- a/app/services/issues/base_service.rb +++ b/app/services/issues/base_service.rb @@ -48,6 +48,9 @@ module Issues params.delete(:created_at) unless moved_issue || current_user.can?(:set_issue_created_at, project) params.delete(:updated_at) unless moved_issue || current_user.can?(:set_issue_updated_at, project) + # Only users with permission to handle error data can add it to issues + params.delete(:sentry_issue_attributes) unless current_user.can?(:update_sentry_issue, project) + issue.system_note_timestamp = params[:created_at] || params[:updated_at] end diff --git a/app/services/todos/allowed_target_filter_service.rb b/app/services/todos/allowed_target_filter_service.rb new file mode 100644 index 00000000000..dfed616710b --- /dev/null +++ b/app/services/todos/allowed_target_filter_service.rb @@ -0,0 +1,18 @@ +# frozen_string_literal: true + +module Todos + class AllowedTargetFilterService + include Gitlab::Allowable + + def initialize(todos, current_user) + @todos = todos + @current_user = current_user + end + + def execute + Preloaders::UserMaxAccessLevelInProjectsPreloader.new(@todos.map(&:project).compact, @current_user).execute + + @todos.select { |todo| can?(@current_user, :read_todo, todo) } + end + end +end |