Commit graph

8 commits

Author SHA1 Message Date
Sean McGivern
c1892f6c90 Remove the comment_personal_snippet permission
This is now entirely handled by `create_note`:

1. Project snippets prevent `create_note`.
2. Uploads already only support routing for personal snippets.

This simplifies some policies and access checks, too!
2019-05-02 11:13:42 +01:00
Heinrich Lee Yu
35b8f103a8
Prevent comments by email when issue is locked
This changes the permission check so it uses the policy on Noteable
instead of Project. This prevents bypassing of rules defined in
Noteable for locked discussions and confidential issues.

Also rechecks permissions when reply_to_discussion_id is provided since the
discussion_id may be from a different noteable.
2019-01-31 16:52:48 +01:00
Patrick Bajao
40900669b3 Allow admins/auditors to read private personal snippets 2019-01-24 12:44:46 +00:00
Bob Van Landuyt
04c7d0d555 Prevent awarding emoji when a project is archived
This prevents performing the requests, and disables all emoji reaction buttons
2018-04-11 10:51:43 +02:00
Douwe Maan
5e9e56924a Merge branch 'security-10-4-25223-snippets-finder-doesnt-obey-feature-visibility' into 'security-10-4'
[Port for security-10-4]: Makes SnippetFinder ensure feature visibility
2018-02-09 12:04:05 -06:00
Rémy Coutable
ddccd24c13 Remove superfluous lib: true, type: redis, service: true, models: true, services: true, no_db: true, api: true
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-07-27 14:31:53 +02:00
http://jneen.net/
963b374dc7 update the specs to not require a set to be returned 2017-06-27 12:41:54 -07:00
Jarka Kadlecova
43ff738641 Support uploaders for personal snippets comments 2017-05-02 15:22:24 +02:00