From ea6c5c1c0ee8f09fff4dbf02d7bfb65107020996 Mon Sep 17 00:00:00 2001
From: barthc <mackintosh02@gmail.com>
Date: Tue, 27 Sep 2016 15:24:50 +0100
Subject: [PATCH] Fix authored vote from notes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Rémy Coutable <remy@rymai.me>
---
 CHANGELOG.md                         |  1 +
 app/services/notes/create_service.rb |  6 ++++--
 spec/requests/api/notes_spec.rb      | 15 +++++++++++++--
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 909af5fc053..b5525c32465 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
 ## 8.14.0 (2016-11-22)
   - Adds user project membership expired event to clarify why user was removed (Callum Dryden)
   - Trim leading and trailing whitespace on project_path (Linus Thiel)
+  - Prevent award emoji via notes for issues/MRs authored by user (barthc)
   - Fix HipChat notifications rendering (airatshigapov, eisnerd)
   - Add hover to trash icon in notes !7008 (blackst0ne)
   - Simpler arguments passed to named_route on toggle_award_url helper method
diff --git a/app/services/notes/create_service.rb b/app/services/notes/create_service.rb
index a36008c3ef5..723cc0e6834 100644
--- a/app/services/notes/create_service.rb
+++ b/app/services/notes/create_service.rb
@@ -7,8 +7,10 @@ module Notes
 
       if note.award_emoji?
         noteable = note.noteable
-        todo_service.new_award_emoji(noteable, current_user)
-        return noteable.create_award_emoji(note.award_emoji_name, current_user)
+        if noteable.user_can_award?(current_user, note.award_emoji_name)
+          todo_service.new_award_emoji(noteable, current_user)
+          return noteable.create_award_emoji(note.award_emoji_name, current_user)
+        end
       end
 
       # We execute commands (extracted from `params[:note]`) on the noteable
diff --git a/spec/requests/api/notes_spec.rb b/spec/requests/api/notes_spec.rb
index d58bedc3bf7..0124b7271b3 100644
--- a/spec/requests/api/notes_spec.rb
+++ b/spec/requests/api/notes_spec.rb
@@ -221,12 +221,23 @@ describe API::API, api: true  do
         end
       end
 
-      context 'when the user is posting an award emoji' do
+      context 'when the user is posting an award emoji on an issue created by someone else' do
+        let(:issue2) { create(:issue, project: project) }
+
         it 'returns an award emoji' do
+          post api("/projects/#{project.id}/issues/#{issue2.id}/notes", user), body: ':+1:'
+
+          expect(response).to have_http_status(201)
+          expect(json_response['awardable_id']).to eq issue2.id
+        end
+      end
+
+      context 'when the user is posting an award emoji on his/her own issue' do
+        it 'creates a new issue note' do
           post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: ':+1:'
 
           expect(response).to have_http_status(201)
-          expect(json_response['awardable_id']).to eq issue.id
+          expect(json_response['body']).to eq(':+1:')
         end
       end
     end