From ba2dd425136ba32ccb9793b5c10e5f26910970a2 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 28 Sep 2022 21:59:16 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@15-2-stable-ee

---
 app/policies/note_policy.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/policies/note_policy.rb')

diff --git a/app/policies/note_policy.rb b/app/policies/note_policy.rb
index e85f18f2d37..1bffcc5aea2 100644
--- a/app/policies/note_policy.rb
+++ b/app/policies/note_policy.rb
@@ -20,6 +20,7 @@ class NotePolicy < BasePolicy
 
   condition(:confidential, scope: :subject) { @subject.confidential? }
 
+  # If this condition changes IssuablePolicy#read_confidential_notes should be updated too
   condition(:can_read_confidential) do
     access_level >= Gitlab::Access::REPORTER || @subject.noteable_assignee_or_author?(@user) || admin?
   end
-- 
cgit v1.2.3