• Heinrich Lee Yu's avatar
    Prevent comments by email when issue is locked · 2ec7bc07
    Heinrich Lee Yu authored
    This changes the permission check so it uses the policy on Noteable
    instead of Project. This prevents bypassing of rules defined in
    Noteable for locked discussions and confidential issues.
    
    Also rechecks permissions when reply_to_discussion_id is provided since the
    discussion_id may be from a different noteable.
    2ec7bc07
security-2779-fix-email-comment-permissions-check.yml 120 Bytes