Don't include users without project access in participants.
This commit is contained in:
parent
fb86ec519c
commit
0b7c4fe048
|
@ -44,7 +44,7 @@ v 7.11.0 (unreleased)
|
|||
- Fix bug where avatar filenames were not actually deleted from the database during removal (Stan Hu)
|
||||
- Fix bug where Slack service channel was not saved in admin template settings. (Stan Hu)
|
||||
- Protect OmniAuth request phase against CSRF.
|
||||
-
|
||||
- Don't send notifications to mentioned users that don't have access to the project in question.
|
||||
-
|
||||
- Move snippets UI to fluid layout
|
||||
- Improve UI for sidebar. Increase separation between navigation and content
|
||||
|
|
|
@ -35,8 +35,8 @@ module Participable
|
|||
end
|
||||
end
|
||||
|
||||
def participants(current_user = self.author)
|
||||
self.class.participant_attrs.flat_map do |attr|
|
||||
def participants(current_user = self.author, project = self.project)
|
||||
participants = self.class.participant_attrs.flat_map do |attr|
|
||||
meth = method(attr)
|
||||
|
||||
value =
|
||||
|
@ -46,20 +46,28 @@ module Participable
|
|||
meth.call
|
||||
end
|
||||
|
||||
participants_for(value, current_user)
|
||||
participants_for(value, current_user, project)
|
||||
end.compact.uniq
|
||||
|
||||
if project
|
||||
participants.select! do |user|
|
||||
user.can?(:read_project, project)
|
||||
end
|
||||
end
|
||||
|
||||
participants
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def participants_for(value, current_user = nil)
|
||||
def participants_for(value, current_user = nil, project = nil)
|
||||
case value
|
||||
when User
|
||||
[value]
|
||||
when Enumerable, ActiveRecord::Relation
|
||||
value.flat_map { |v| participants_for(v, current_user) }
|
||||
value.flat_map { |v| participants_for(v, current_user, project) }
|
||||
when Participable
|
||||
value.participants(current_user)
|
||||
value.participants(current_user, project)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue