Commit 0b7c4fe0 authored by Douwe Maan's avatar Douwe Maan

Don't include users without project access in participants.

parent fb86ec51
...@@ -44,7 +44,7 @@ v 7.11.0 (unreleased) ...@@ -44,7 +44,7 @@ v 7.11.0 (unreleased)
- Fix bug where avatar filenames were not actually deleted from the database during removal (Stan Hu) - Fix bug where avatar filenames were not actually deleted from the database during removal (Stan Hu)
- Fix bug where Slack service channel was not saved in admin template settings. (Stan Hu) - Fix bug where Slack service channel was not saved in admin template settings. (Stan Hu)
- Protect OmniAuth request phase against CSRF. - Protect OmniAuth request phase against CSRF.
- - Don't send notifications to mentioned users that don't have access to the project in question.
- -
- Move snippets UI to fluid layout - Move snippets UI to fluid layout
- Improve UI for sidebar. Increase separation between navigation and content - Improve UI for sidebar. Increase separation between navigation and content
......
...@@ -35,8 +35,8 @@ module Participable ...@@ -35,8 +35,8 @@ module Participable
end end
end end
def participants(current_user = self.author) def participants(current_user = self.author, project = self.project)
self.class.participant_attrs.flat_map do |attr| participants = self.class.participant_attrs.flat_map do |attr|
meth = method(attr) meth = method(attr)
value = value =
...@@ -46,20 +46,28 @@ module Participable ...@@ -46,20 +46,28 @@ module Participable
meth.call meth.call
end end
participants_for(value, current_user) participants_for(value, current_user, project)
end.compact.uniq end.compact.uniq
if project
participants.select! do |user|
user.can?(:read_project, project)
end
end
participants
end end
private private
def participants_for(value, current_user = nil) def participants_for(value, current_user = nil, project = nil)
case value case value
when User when User
[value] [value]
when Enumerable, ActiveRecord::Relation when Enumerable, ActiveRecord::Relation
value.flat_map { |v| participants_for(v, current_user) } value.flat_map { |v| participants_for(v, current_user, project) }
when Participable when Participable
value.participants(current_user) value.participants(current_user, project)
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment