Commit 561f4402 authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Fix permission check for confidential quick action

Checks `set_confidentiality` instead of `admin_issue` so that
non-members can use the confidential quick action on issue creation.

Changelog: fixed
parent a9bae7b7
......@@ -172,7 +172,7 @@ module Gitlab
condition do
quick_action_target.issue_type_supports?(:confidentiality) &&
!quick_action_target.confidential? &&
current_user.can?(:"admin_#{quick_action_target.to_ability_name}", quick_action_target)
current_user.can?(:set_confidentiality, quick_action_target)
end
command :confidential do
@updates[:confidential] = true
......
......@@ -1326,14 +1326,25 @@ RSpec.describe QuickActions::InterpretService do
let(:issuable) { issue }
end
it_behaves_like 'confidential command' do
let(:content) { '/confidential' }
let(:issuable) { issue }
end
context '/confidential' do
it_behaves_like 'confidential command' do
let(:content) { '/confidential' }
let(:issuable) { issue }
end
it_behaves_like 'confidential command' do
let(:content) { '/confidential' }
let(:issuable) { create(:incident, project: project) }
end
context 'when non-member is creating a new issue' do
let(:service) { described_class.new(project, create(:user)) }
it_behaves_like 'confidential command' do
let(:content) { '/confidential' }
let(:issuable) { create(:incident, project: project) }
it_behaves_like 'confidential command' do
let(:content) { '/confidential' }
let(:issuable) { build(:issue, project: project) }
end
end
end
it_behaves_like 'lock command' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment