Commit 5a07032d authored by Douwe Maan's avatar Douwe Maan

Merge branch 'security_bug_fix_close_issue' into 'master'

[Security] Automatic issue closing

Fixes https://dev.gitlab.org/gitlab/gitlabhq/issues/2640

See merge request !1944
parents a697b015 21a05328
...@@ -96,9 +96,11 @@ class GitPushService < BaseService ...@@ -96,9 +96,11 @@ class GitPushService < BaseService
# a different branch. # a different branch.
closed_issues = commit.closes_issues(current_user) closed_issues = commit.closes_issues(current_user)
closed_issues.each do |issue| closed_issues.each do |issue|
if can?(current_user, :update_issue, issue)
Issues::CloseService.new(project, authors[commit], {}).execute(issue, commit) Issues::CloseService.new(project, authors[commit], {}).execute(issue, commit)
end end
end end
end
commit.create_cross_references!(authors[commit], closed_issues) commit.create_cross_references!(authors[commit], closed_issues)
end end
......
...@@ -21,9 +21,11 @@ module MergeRequests ...@@ -21,9 +21,11 @@ module MergeRequests
closed_issues = merge_request.closes_issues(current_user) closed_issues = merge_request.closes_issues(current_user)
closed_issues.each do |issue| closed_issues.each do |issue|
if can?(current_user, :update_issue, issue)
Issues::CloseService.new(project, current_user, {}).execute(issue, merge_request) Issues::CloseService.new(project, current_user, {}).execute(issue, merge_request)
end end
end end
end
def create_merge_event(merge_request, current_user) def create_merge_event(merge_request, current_user)
EventCreateService.new.merge_mr(merge_request, current_user) EventCreateService.new.merge_mr(merge_request, current_user)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment