debian-mirror-gitlab/app/policies/issue_policy.rb

class IssuePolicy < IssuablePolicy
  # This class duplicates the same check of Issue#readable_by? for performance reasons
  # Make sure to sync this class checks with issue.rb to avoid security problems.
  # Check commit 002ad215818450d2cbbc5fa065850a953dc7ada8 for more information.

  def issue
    @subject
  end

  def rules
    super

    if @subject.confidential? && !can_read_confidential?
      cannot! :read_issue
      cannot! :update_issue
      cannot! :admin_issue
    end
  end

  private

  def can_read_confidential?
    return false unless @user

    IssueCollection.new([@subject]).visible_to(@user).any?
  end
end
New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`class IssuePolicy < IssuablePolicy`
New upstream version 8.13.6+dfsg1 2016-11-24 13:41:30 +05:30			`# This class duplicates the same check of Issue#readable_by? for performance reasons`
			`# Make sure to sync this class checks with issue.rb to avoid security problems.`
			`# Check commit 002ad215818450d2cbbc5fa065850a953dc7ada8 for more information.`

New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`def issue`
			`@subject`
			`end`

			`def rules`
			`super`

			`if @subject.confidential? && !can_read_confidential?`
			`cannot! :read_issue`
			`cannot! :update_issue`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`cannot! :admin_issue`
New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`end`
			`end`

			`private`

			`def can_read_confidential?`
			`return false unless @user`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`IssueCollection.new([@subject]).visible_to(@user).any?`
New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`end`
			`end`