• Heinrich Lee Yu's avatar
    Prevent comments by email when issue is locked · 35b8f103
    Heinrich Lee Yu authored
    This changes the permission check so it uses the policy on Noteable
    instead of Project. This prevents bypassing of rules defined in
    Noteable for locked discussions and confidential issues.
    
    Also rechecks permissions when reply_to_discussion_id is provided since the
    discussion_id may be from a different noteable.
    35b8f103
project_snippet_policy_spec.rb 3.98 KB