Commit 670f8540 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'fix-mentions-on-confidential-issues-for-non-members' into 'master'

Mentions on confidential issues doesn't create todos for non-members

Closes #14569 

See merge request !3374
parents 98df8aab 26b28103
...@@ -24,6 +24,9 @@ v 8.6.3 (unreleased) ...@@ -24,6 +24,9 @@ v 8.6.3 (unreleased)
v 8.6.3 v 8.6.3
- Fix copying uploads when moving issue to another project - Fix copying uploads when moving issue to another project
v 8.6.3 (unreleased)
- Mentions on confidential issues doesn't create todos for non-members
v 8.6.2 v 8.6.2
- Fix dropdown alignment. !3298 - Fix dropdown alignment. !3298
- Fix issuable sidebar overlaps on tablet. !3299 - Fix issuable sidebar overlaps on tablet. !3299
......
...@@ -170,14 +170,30 @@ class TodoService ...@@ -170,14 +170,30 @@ class TodoService
end end
def filter_mentioned_users(project, target, author) def filter_mentioned_users(project, target, author)
mentioned_users = target.mentioned_users.select do |user| mentioned_users = target.mentioned_users
user.can?(:read_project, project) mentioned_users = reject_users_without_access(mentioned_users, project, target)
end
mentioned_users.delete(author) mentioned_users.delete(author)
mentioned_users.uniq mentioned_users.uniq
end end
def reject_users_without_access(users, project, target)
if target.is_a?(Note) && target.for_issue?
target = target.noteable
end
if target.is_a?(Issue)
select_users(users, :read_issue, target)
else
select_users(users, :read_project, project)
end
end
def select_users(users, ability, subject)
users.select do |user|
user.can?(ability.to_sym, subject)
end
end
def pending_todos(user, criteria = {}) def pending_todos(user, criteria = {})
valid_keys = [:project_id, :target_id, :target_type, :commit_id] valid_keys = [:project_id, :target_id, :target_type, :commit_id]
user.todos.pending.where(criteria.slice(*valid_keys)) user.todos.pending.where(criteria.slice(*valid_keys))
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment