Skip to content

G
gitlab-ce
Commit bd87c15d authored by Oswaldo Ferreira's avatar Oswaldo Ferreira
Browse files
Options

User should have write access on source and target issue to create a relation

parent 91a735d4
Show whitespace changes
Inline Side-by-side
Showing with 8 additions and 4 deletions
app/services/issue_links/create_service.rb
View file @ bd87c15d
...@@ -44,7 +44,9 @@ module IssueLinks ...@@ -44,7 +44,9 @@ module IssueLinks
extractor = Gitlab::ReferenceExtractor.new(@issue.project, @current_user) extractor = Gitlab::ReferenceExtractor.new(@issue.project, @current_user)
extractor.analyze(text) extractor.analyze(text)
extractor.issues extractor.issues.select do |issue|
can?(current_user, :admin_issue_link, issue.project)
end
end end
end end
......
spec/services/issue_links/create_service_spec.rb
View file @ bd87c15d
...@@ -40,14 +40,16 @@ describe IssueLinks::CreateService, service: true do ...@@ -40,14 +40,16 @@ describe IssueLinks::CreateService, service: true do
end end
end end
context 'when user has no permission to reference an Issue' do context 'when user has no permission to target project Issue' do
let(:issue_a) { create :issue, iid: 999 } let(:target_issue) { create :issue }
let(:params) do let(:params) do
{ issue_references: [issue_a.to_reference] } { issue_references: [target_issue.to_reference(project)] }
end end
it 'returns error' do it 'returns error' do
target_issue.project.add_guest(user)
is_expected.to eq(message: "No Issue found for given reference", status: :error, http_status: 401) is_expected.to eq(message: "No Issue found for given reference", status: :error, http_status: 401)
end end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7