gitlab-org--gitlab-foss/app/policies/issue_policy.rb

class IssuePolicy < IssuablePolicy
  # This class duplicates the same check of Issue#readable_by? for performance reasons
  # Make sure to sync this class checks with issue.rb to avoid security problems.
  # Check commit 002ad215818450d2cbbc5fa065850a953dc7ada8 for more information.

  desc "User can read confidential issues"
  condition(:can_read_confidential) do
    @user && IssueCollection.new([@subject]).visible_to(@user).any?
  end

  desc "Issue is confidential"
  condition(:confidential, scope: :subject) { @subject.confidential? }

  rule { confidential & ~can_read_confidential }.policy do
    prevent :read_issue
    prevent :update_issue
    prevent :admin_issue
  end
end
port issues to Issu{able,e}Policy 2016-08-16 14:10:34 -04:00			`class IssuePolicy < IssuablePolicy`
Merge branch 'issue_23548_dev' into 'master' disable markdown in comments when referencing disabled features fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23548 This MR prevents the following references when tool is disabled: - issues - snippets - commits - when repo is disabled - commit range - when repo is disabled - milestones This MR does not prevent references to repository files, since they are just markdown links and don't leak information. See merge request !2011 Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-11-01 16:18:51 -04:00			`# This class duplicates the same check of Issue#readable_by? for performance reasons`
			`# Make sure to sync this class checks with issue.rb to avoid security problems.`
			`# Check commit 002ad215818450d2cbbc5fa065850a953dc7ada8 for more information.`

convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`desc "User can read confidential issues"`
			`condition(:can_read_confidential) do`
			`@user && IssueCollection.new([@subject]).visible_to(@user).any?`
port issues to Issu{able,e}Policy 2016-08-16 14:10:34 -04:00			`end`

convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`desc "Issue is confidential"`
			`condition(:confidential, scope: :subject) { @subject.confidential? }`
port issues to Issu{able,e}Policy 2016-08-16 14:10:34 -04:00
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`rule { confidential & ~can_read_confidential }.policy do`
			`prevent :read_issue`
			`prevent :update_issue`
			`prevent :admin_issue`
port issues to Issu{able,e}Policy 2016-08-16 14:10:34 -04:00			`end`
			`end`