Commit 3f6ce01f authored by Mark Chao's avatar Mark Chao

Merge branch '337665-logged-in-users-can-set-confidential-flag' into 'master'

Let non-members set confidential flag when creating an issue in public project

See merge request gitlab-org/gitlab!68459
parents 5d106827 518fe9a1
...@@ -69,6 +69,14 @@ class IssuePolicy < IssuablePolicy ...@@ -69,6 +69,14 @@ class IssuePolicy < IssuablePolicy
rule { persisted & can?(:admin_issue) }.policy do rule { persisted & can?(:admin_issue) }.policy do
enable :set_issue_metadata enable :set_issue_metadata
end end
rule { can?(:set_issue_metadata) }.policy do
enable :set_confidentiality
end
rule { ~persisted & can?(:create_issue) }.policy do
enable :set_confidentiality
end
end end
IssuePolicy.prepend_mod_with('IssuePolicy') IssuePolicy.prepend_mod_with('IssuePolicy')
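Review bot: The `rule { ~persisted & can?(:create_issue) }` block is the one that widens who may set confidentiality, but the policy carries no comment for it; the rationale appears only in the service. I would add above it `# Anyone allowed to create an issue may mark it confidential at creation time, so non-members can report security issues privately; changing the flag on an existing issue still requires :set_issue_metadata.` A policy spec that pins both halves (allowed for a non-member on a new record, denied on a persisted one) would keep this boundary from drifting if either rule is edited later. The class body starts outside the hunk.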
...@@ -51,9 +51,12 @@ class IssuableBaseService < ::BaseProjectService ...@@ -51,9 +51,12 @@ class IssuableBaseService < ::BaseProjectService
params.delete(:canonical_issue_id) params.delete(:canonical_issue_id)
params.delete(:project) params.delete(:project)
params.delete(:discussion_locked) params.delete(:discussion_locked)
params.delete(:confidential)
end end
# confidential attribute is a special type of metadata and needs to be allowed to be set
# by non-members on issues in public projects so that security issues can be reported as confidential.
params.delete(:confidential) unless can?(current_user, :set_confidentiality, issuable)
filter_assignees(issuable) filter_assignees(issuable)
filter_milestone filter_milestone
filter_labels filter_labels
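Review bot: The new `params.delete(:confidential) unless can?(current_user, :set_confidentiality, issuable)` line still drops the flag silently when the check fails, so a request carrying `confidential: true` would be saved as a normally visible issue with no error returned. On the create path the outcome depends on `issuable` not yet being persisted when this filter runs, which the hunk does not show. A service spec that creates an issue as a non-member with `confidential: true` and asserts the saved record is confidential would pin that. At minimum I would extend the comment with `# NOTE: when the check fails the flag is dropped silently and the issue is saved as non-confidential.` The enclosing method starts and ends outside the hunk.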
......
- project = local_assigns.fetch(:project) - project = local_assigns.fetch(:project)
- issuable = local_assigns.fetch(:issuable) - issuable = local_assigns.fetch(:issuable)
- presenter = local_assigns.fetch(:presenter) - presenter = local_assigns.fetch(:presenter)
- return unless can?(current_user, :"set_#{issuable.to_ability_name}_metadata", issuable)
- has_due_date = issuable.has_attribute?(:due_date) - has_due_date = issuable.has_attribute?(:due_date)
- form = local_assigns.fetch(:form) - form = local_assigns.fetch(:form)
- if issuable.respond_to?(:confidential) - if issuable.respond_to?(:confidential) && can?(current_user, :set_confidentiality, issuable)
.form-group.row .form-group.row
.offset-sm-2.col-sm-10 .offset-sm-2.col-sm-10
.form-check .form-check
...@@ -15,8 +12,9 @@ ...@@ -15,8 +12,9 @@
= form.label :confidential, class: 'form-check-label' do = form.label :confidential, class: 'form-check-label' do
This issue is confidential and should only be visible to team members with at least Reporter access. This issue is confidential and should only be visible to team members with at least Reporter access.
%hr - if can?(current_user, :"set_#{issuable.to_ability_name}_metadata", issuable)
.row %hr
.row
%div{ class: (has_due_date ? "col-lg-6" : "col-12") } %div{ class: (has_due_date ? "col-lg-6" : "col-12") }
.form-group.row.merge-request-assignee .form-group.row.merge-request-assignee
= render "shared/issuable/form/metadata_issuable_assignee", issuable: issuable, form: form, has_due_date: has_due_date = render "shared/issuable/form/metadata_issuable_assignee", issuable: issuable, form: form, has_due_date: has_due_date
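Review bot: With the early `return unless can?(...)` removed, hiding the remaining metadata fields now depends on every following line being nested under the new `- if can?(current_user, :"set_#{issuable.to_ability_name}_metadata", issuable)`. The rendered hunk does not preserve indentation, so that nesting cannot be confirmed from here, and the template continues past the hunk. A view or feature spec asserting that a user with only `:set_confidentiality` sees the confidential checkbox but not the assignee row and the other metadata fields would cover it. This template only controls display; the check in the service remains the enforcement point.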
......
...@@ -38,5 +38,6 @@ class EpicPolicy < BasePolicy ...@@ -38,5 +38,6 @@ class EpicPolicy < BasePolicy
rule { can?(:admin_epic) }.policy do rule { can?(:admin_epic) }.policy do
enable :set_epic_metadata enable :set_epic_metadata
enable :set_confidentiality
end end
end end