BigW Consortium Gitlab

Commit fffbc369 by Douwe Maan

Merge branch 'rs-issue-2092' into 'master'

Dynamically check `:admin_*` ability in two more spots. Closes #2092 Depends on !1037 See merge request !1042
parents 71a8c780 b9b2d086
......@@ -159,6 +159,16 @@ module Issuable
end
end
# Convert this Issuable class name to a format usable by Ability definitions
#
# Examples:
#
# issuable.class # => MergeRequest
# issuable.to_ability_name # => "merge_request"
def to_ability_name
self.class.to_s.underscore
end
private
def filter_superceded_votes(votes, notes)
......
......@@ -27,8 +27,10 @@ class IssuableBaseService < BaseService
old_branch, new_branch)
end
def filter_params
unless can?(current_user, :admin_issue, project)
def filter_params(issuable_ability_name = :issue)
ability = :"admin_#{issuable_ability_name}"
unless can?(current_user, ability, project)
params.delete(:milestone_id)
params.delete(:label_ids)
params.delete(:assignee_id)
......
......@@ -10,6 +10,10 @@ module Issues
private
def filter_params
super(:issue)
end
def execute_hooks(issue, action = 'open')
issue_data = hook_data(issue, action)
issue.project.execute_hooks(issue_data, :issue_hooks)
......
......@@ -20,5 +20,11 @@ module MergeRequests
merge_request.project.execute_services(merge_data, :merge_request_hooks)
end
end
private
def filter_params
super(:merge_request)
end
end
end
......@@ -8,7 +8,7 @@
- else
none
.issuable-context-selectbox
- if can?(current_user, :"admin_#{issuable.class.to_s.underscore}", @project)
- if can?(current_user, :"admin_#{issuable.to_ability_name}", @project)
= users_select_tag("#{issuable.class.table_name.singularize}[assignee_id]", placeholder: 'Select assignee', class: 'custom-form-control js-select2 js-assignee', selected: issuable.assignee_id, project: @target_project, null_user: true)
%div.prepend-top-20.clearfix
......@@ -24,7 +24,7 @@
- else
none
.issuable-context-selectbox
- if can?(current_user, :"admin_#{issuable.class.to_s.underscore}", @project)
- if can?(current_user, :"admin_#{issuable.to_ability_name}", @project)
= f.select(:milestone_id, milestone_options(issuable), { include_blank: 'Select milestone' }, {class: 'select2 select2-compact js-select2 js-milestone'})
= hidden_field_tag :issuable_context
= f.submit class: 'btn hide'
......
......@@ -38,7 +38,7 @@
.clearfix
.error-alert
%hr
- if can?(current_user, :admin_issue, @project)
- if can?(current_user, :"admin_#{issuable.to_ability_name}", @project)
.form-group
.issue-assignee
= f.label :assignee_id, class: 'control-label' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment