Commit 871723da authored by Stan Hu's avatar Stan Hu

Incorporate review comments

parent d1ea2bca
...@@ -71,7 +71,7 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -71,7 +71,7 @@ class Projects::IssuesController < Projects::ApplicationController
@note = @project.notes.new(noteable: @issue) @note = @project.notes.new(noteable: @issue)
@noteable = @issue @noteable = @issue
preload_max_access_for_authors(@notes, @project) if @notes preload_max_access_for_authors(@notes, @project)
respond_to do |format| respond_to do |format|
format.html format.html
......
...@@ -387,7 +387,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -387,7 +387,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
@ref @ref
) )
preload_max_access_for_authors(@notes, @project) if @notes preload_max_access_for_authors(@notes, @project)
end end
def define_widget_vars def define_widget_vars
......
...@@ -389,10 +389,8 @@ class Ability ...@@ -389,10 +389,8 @@ class Ability
end end
def can_edit_note?(user, note) def can_edit_note?(user, note)
return false unless note.editable? return false if !note.editable? || !user.present?
return false unless user.present? return true if note.author == user || user.admin?
return true if note.author == user
return true if user.admin?
if note.project if note.project
max_access_level = note.project.team.max_member_access(user.id) max_access_level = note.project.team.max_member_access(user.id)
......
...@@ -53,6 +53,10 @@ class Member < ActiveRecord::Base ...@@ -53,6 +53,10 @@ class Member < ActiveRecord::Base
default_value_for :notification_level, NotificationSetting.levels[:global] default_value_for :notification_level, NotificationSetting.levels[:global]
class << self class << self
def access_for_user_ids(user_ids)
where(user_id: user_ids).has_access.pluck(:user_id, :access_level).to_h
end
def find_by_invite_token(invite_token) def find_by_invite_token(invite_token)
invite_token = Devise.token_generator.digest(self, :invite_token, invite_token) invite_token = Devise.token_generator.digest(self, :invite_token, invite_token)
find_by(invite_token: invite_token) find_by(invite_token: invite_token)
......
...@@ -138,20 +138,20 @@ class ProjectTeam ...@@ -138,20 +138,20 @@ class ProjectTeam
def max_member_access_for_user_ids(user_ids) def max_member_access_for_user_ids(user_ids)
user_ids = user_ids.uniq user_ids = user_ids.uniq
key = "max_member_access:#{project.id}" key = "max_member_access:#{project.id}"
RequestStore.store[key] ||= Hash.new RequestStore.store[key] ||= {}
access = RequestStore.store[key] access = RequestStore.store[key]
# Lookup only the IDs we need # Lookup only the IDs we need
user_ids = user_ids - access.keys user_ids = user_ids - access.keys
if user_ids.present? if user_ids.present?
user_ids.map { |id| access[id] = Gitlab::Access::NO_ACCESS } user_ids.each { |id| access[id] = Gitlab::Access::NO_ACCESS }
member_access = project.members.where(user_id: user_ids).has_access.pluck(:user_id, :access_level).to_h member_access = project.members.access_for_user_ids(user_ids)
merge_max!(access, member_access) merge_max!(access, member_access)
if group if group
group_access = group.members.where(user_id: user_ids).has_access.pluck(:user_id, :access_level).to_h group_access = group.members.access_for_user_ids(user_ids)
merge_max!(access, group_access) merge_max!(access, group_access)
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment