require 'gitlab/markdown'
require 'html/pipeline/filter'
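module Gitlab
  module Markdown
    # HTML filter that removes references to records that the current user does
    # not have permission to view.
    #
    # Expected to be run in its own post-processing pipeline.
    #
    # Security notes:
    # - Redacted links are replaced with a text node, so the replacement string
    #   is never re-parsed as markup after earlier pipeline stages have run.
    # - The `data-reference-filter` attribute is read from the document and is
    #   therefore handled as data: it must name a constant defined directly
    #   under Gitlab::Markdown that answers `user_can_reference?`. Anything
    #   else is redacted (fail closed).
    # - NOTE(review): whether earlier stages strip user-supplied `class="gfm"`
    #   or `data-*` attributes is not visible from this file; confirm.
    class RedactorFilter < HTML::Pipeline::Filter
      # A single constant segment: no `::` separators, no leading `::`.
      FILTER_NAME_PATTERN = /\A[A-Z][A-Za-z0-9_]*\z/

      # Replaces every `a.gfm` link the current user may not see with plain
      # text and returns the (mutated) document.
      #
      # @return [Object] the pipeline's `doc`
      def call
        doc.css('a.gfm').each do |node|
          next if user_can_reference?(node)

          # The reference should be replaced by the original text,
          # which is not always the same as the rendered text.
          text = node.attr('data-original') || node.text

          # Nokogiri treats a String passed to #replace as markup to parse;
          # both candidate values are decoded text, so insert a text node and
          # let the serializer escape it.
          # NOTE(review): assumes data-original never intentionally carries
          # markup - confirm against the reference filters that set it.
          node.replace(node.document.create_text_node(text))
        end

        doc
      end

      private

      # Decides whether the link may stay in the document.
      #
      # Links without a `data-reference-filter` attribute are always kept.
      # Otherwise the decision is delegated to the named filter class; a name
      # that does not resolve to a usable filter results in redaction.
      #
      # @param node [Object] an `a.gfm` element from the document
      # @return [Boolean]
      def user_can_reference?(node)
        return true unless node.has_attribute?('data-reference-filter')

        reference_filter = reference_filter_for(node.attr('data-reference-filter'))
        return false unless reference_filter

        reference_filter.user_can_reference?(current_user, node, context)
      end

      # Resolves a filter name to a constant under Gitlab::Markdown.
      #
      # The name is restricted to one plain constant segment and looked up
      # with `inherit = false`, so values such as `::Foo` or `Foo::Bar`, and
      # top-level constants reachable through Object, are never resolved.
      #
      # @param name [String] value of the `data-reference-filter` attribute
      # @return [Object, nil] the filter, or nil when the name is not usable
      def reference_filter_for(name)
        return unless name =~ FILTER_NAME_PATTERN

        filter = Gitlab::Markdown.const_get(name, false)
        filter if filter.respond_to?(:user_can_reference?)
      rescue NameError
        # Unknown constant: treat as "no filter" so the caller redacts.
        nil
      end

      # @return [Object, nil] the user stored under `:current_user` in context
      def current_user
        context[:current_user]
      end
    end
  end
end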