Don't include users without project access in participants.
This commit is contained in:
parent
fb86ec519c
commit
0b7c4fe048
|
@ -44,7 +44,7 @@ v 7.11.0 (unreleased)
|
||||||
- Fix bug where avatar filenames were not actually deleted from the database during removal (Stan Hu)
|
- Fix bug where avatar filenames were not actually deleted from the database during removal (Stan Hu)
|
||||||
- Fix bug where Slack service channel was not saved in admin template settings. (Stan Hu)
|
- Fix bug where Slack service channel was not saved in admin template settings. (Stan Hu)
|
||||||
- Protect OmniAuth request phase against CSRF.
|
- Protect OmniAuth request phase against CSRF.
|
||||||
-
|
- Don't send notifications to mentioned users that don't have access to the project in question.
|
||||||
-
|
-
|
||||||
- Move snippets UI to fluid layout
|
- Move snippets UI to fluid layout
|
||||||
- Improve UI for sidebar. Increase separation between navigation and content
|
- Improve UI for sidebar. Increase separation between navigation and content
|
||||||
|
|
|
@ -35,8 +35,8 @@ module Participable
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def participants(current_user = self.author)
|
def participants(current_user = self.author, project = self.project)
|
||||||
self.class.participant_attrs.flat_map do |attr|
|
participants = self.class.participant_attrs.flat_map do |attr|
|
||||||
meth = method(attr)
|
meth = method(attr)
|
||||||
|
|
||||||
value =
|
value =
|
||||||
|
@ -46,20 +46,28 @@ module Participable
|
||||||
meth.call
|
meth.call
|
||||||
end
|
end
|
||||||
|
|
||||||
participants_for(value, current_user)
|
participants_for(value, current_user, project)
|
||||||
end.compact.uniq
|
end.compact.uniq
|
||||||
|
|
||||||
|
if project
|
||||||
|
participants.select! do |user|
|
||||||
|
user.can?(:read_project, project)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
participants
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def participants_for(value, current_user = nil)
|
def participants_for(value, current_user = nil, project = nil)
|
||||||
case value
|
case value
|
||||||
when User
|
when User
|
||||||
[value]
|
[value]
|
||||||
when Enumerable, ActiveRecord::Relation
|
when Enumerable, ActiveRecord::Relation
|
||||||
value.flat_map { |v| participants_for(v, current_user) }
|
value.flat_map { |v| participants_for(v, current_user, project) }
|
||||||
when Participable
|
when Participable
|
||||||
value.participants(current_user)
|
value.participants(current_user, project)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue