Commit e62b5a2b authored by Douwe Maan's avatar Douwe Maan

Only allow user to see participants from groups they have access to.

parent 756e7aa8
...@@ -118,16 +118,16 @@ module Issuable ...@@ -118,16 +118,16 @@ module Issuable
end end
# Return all users participating on the discussion # Return all users participating on the discussion
def participants def participants(current_user = self.author)
users = [] users = []
users << author users << author
users << assignee if is_assigned? users << assignee if is_assigned?
mentions = [] mentions = []
mentions << self.mentioned_users mentions << self.mentioned_users(current_user)
notes.each do |note| notes.each do |note|
users << note.author users << note.author
mentions << note.mentioned_users mentions << note.mentioned_users(current_user)
end end
users.concat(mentions.reduce([], :|)).uniq users.concat(mentions.reduce([], :|)).uniq
...@@ -140,7 +140,7 @@ module Issuable ...@@ -140,7 +140,7 @@ module Issuable
return subscription.subscribed return subscription.subscribed
end end
participants.include?(user) participants(user).include?(user)
end end
def toggle_subscription(user) def toggle_subscription(user)
......
...@@ -42,10 +42,10 @@ module Mentionable ...@@ -42,10 +42,10 @@ module Mentionable
Note.cross_reference_exists?(target, local_reference) Note.cross_reference_exists?(target, local_reference)
end end
def mentioned_users def mentioned_users(current_user = nil)
return [] if mentionable_text.blank? return [] if mentionable_text.blank?
ext = Gitlab::ReferenceExtractor.new(self.project) ext = Gitlab::ReferenceExtractor.new(self.project, current_user)
ext.analyze(text) ext.analyze(text)
ext.users.uniq ext.users.uniq
end end
......
...@@ -21,10 +21,10 @@ module Projects ...@@ -21,10 +21,10 @@ module Projects
users = case type users = case type
when "Issue" when "Issue"
issue = @project.issues.find_by_iid(id) issue = @project.issues.find_by_iid(id)
issue ? issue.participants : [] issue ? issue.participants(user) : []
when "MergeRequest" when "MergeRequest"
merge_request = @project.merge_requests.find_by_iid(id) merge_request = @project.merge_requests.find_by_iid(id)
merge_request ? merge_request.participants : [] merge_request ? merge_request.participants(user) : []
when "Commit" when "Commit"
author_ids = Note.for_commit_id(id).pluck(:author_id).uniq author_ids = Note.for_commit_id(id).pluck(:author_id).uniq
User.where(id: author_ids) User.where(id: author_ids)
......
...@@ -9,8 +9,8 @@ ...@@ -9,8 +9,8 @@
.votes-holder.pull-right .votes-holder.pull-right
#votes= render 'votes/votes_block', votable: @issue #votes= render 'votes/votes_block', votable: @issue
.participants .participants
%span= pluralize(@issue.participants.count, 'participant') %span= pluralize(@issue.participants(current_user).count, 'participant')
- @issue.participants.each do |participant| - @issue.participants(current_user).each do |participant|
= link_to_member(@project, participant, name: false, size: 24) = link_to_member(@project, participant, name: false, size: 24)
.voting_notes#notes= render "projects/notes/notes_with_form" .voting_notes#notes= render "projects/notes/notes_with_form"
%aside.col-md-3 %aside.col-md-3
......
.participants .participants
%span #{@merge_request.participants.count} participants %span #{@merge_request.participants(current_user).count} participants
- @merge_request.participants.each do |participant| - @merge_request.participants(current_user).each do |participant|
= link_to_member(@project, participant, name: false, size: 24) = link_to_member(@project, participant, name: false, size: 24)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment