Commit c9b4dc67
Authored Aug 09, 2019 by Patrick Derichs

Filter out old system notes for epics

Parent 20920f80
Showing 7 changed files with 16 additions and 7 deletions (+16 -7)

app/controllers/concerns/issuable_actions.rb  +1 -1
app/controllers/concerns/notes_actions.rb  +1 -1
app/models/note.rb  +4 -0
changelogs/unreleased/security-epic-notes-api-reveals-historical-info-ce-master.yml  +5 -0
lib/api/discussions.rb  +1 -1
lib/api/helpers/notes_helpers.rb  +3 -3
lib/api/notes.rb  +1 -1
app/controllers/concerns/issuable_actions.rb
...
...
@@ -110,7 +110,7 @@ module IssuableActions
end
notes
=
prepare_notes_for_rendering
(
notes
)
notes
=
notes
.
reject
{
|
n
|
n
.
cross_reference_not_
visible_for?
(
current_user
)
}
notes
=
notes
.
select
{
|
n
|
n
.
visible_for?
(
current_user
)
}
discussions
=
Discussion
.
build_collection
(
notes
,
issuable
)
...
...
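Review bot: this `select { |n| n.visible_for?(current_user) }` filter is now written out by hand at four call sites in this commit (here, `NotesActions`, `lib/api/discussions.rb` and `lib/api/notes.rb`), so any new endpoint that returns notes has to remember to repeat it. Consider moving it into one shared helper that takes the notes and the user, and calling that from all four places, so the visibility check cannot be skipped by omission.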
app/controllers/concerns/notes_actions.rb
...
...
@@ -29,7 +29,7 @@ module NotesActions
end
notes
=
prepare_notes_for_rendering
(
notes
)
notes
=
notes
.
reject
{
|
n
|
n
.
cross_reference_not_
visible_for?
(
current_user
)
}
notes
=
notes
.
select
{
|
n
|
n
.
visible_for?
(
current_user
)
}
notes_json
[
:notes
]
=
if
use_note_serializer?
...
...
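Review bot: none of the 7 changed files is a spec, so this filter in `NotesActions` is not pinned by a test in this commit. Add a controller spec that stubs `visible_for?` to return false for one note and asserts that the note is absent from `notes_json[:notes]`.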
app/models/note.rb
...
...
@@ -331,6 +331,10 @@ class Note < ApplicationRecord
cross_reference?
&&
!
all_referenced_mentionables_allowed?
(
user
)
end
def
visible_for?
(
user
)
!
cross_reference_not_visible_for?
(
user
)
end
def
award_emoji?
can_be_award_emoji?
&&
contains_emoji_only?
end
...
...
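Review bot: `visible_for?` has no comment, and as written it is exactly `!cross_reference_not_visible_for?(user)`, so the callers switched over in this commit return the same notes as before; nothing in these lines filters epic system notes, which is what the commit title describes. If the epic rule is added by an override elsewhere, say so in a comment on this method and state that `visible_for?` is the predicate every caller must use. `cross_reference_not_visible_for?` also stays public, so a caller can still use it directly and bypass whatever `visible_for?` gains later; consider narrowing its visibility once no external callers remain.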
changelogs/unreleased/security-epic-notes-api-reveals-historical-info-ce-master.yml
0 → 100644
---
title
:
Filter out old system notes for epics in notes api endpoint response
merge_request
:
author
:
type
:
security
lib/api/discussions.rb
...
...
@@ -239,7 +239,7 @@ module API
# because notes are redacted if they point to projects that
# cannot be accessed by the user.
notes
=
prepare_notes_for_rendering
(
notes
)
notes
.
reject
{
|
n
|
n
.
cross_reference_not_
visible_for?
(
current_user
)
}
notes
.
select
{
|
n
|
n
.
visible_for?
(
current_user
)
}
end
# rubocop: enable CodeReuse/ActiveRecord
end
...
...
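Review bot: the comment above the changed line still explains the filter only in terms of notes "redacted if they point to projects that cannot be accessed by the user", but the line now calls `visible_for?`, whose name promises a general visibility check. Update the comment to say that notes are dropped whenever `visible_for?(current_user)` is false, so it stays accurate if that method gains further rules.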
lib/api/helpers/notes_helpers.rb
...
...
@@ -12,7 +12,7 @@ module API
end
def
update_note
(
noteable
,
note_id
)
note
=
noteable
.
notes
.
find
(
params
[
:note_id
]
)
note
=
noteable
.
notes
.
find
(
note_id
)
authorize!
:admin_note
,
note
...
...
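Review bot: in `update_note`, replacing `params[:note_id]` with the `note_id` argument is a behaviour change that the commit message does not mention. The method previously ignored its second argument, so check that every caller passes the same id that is in `params[:note_id]`, and mention the cleanup in the commit message.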
@@ -61,8 +61,8 @@ module API
end
def
get_note
(
noteable
,
note_id
)
note
=
noteable
.
notes
.
with_metadata
.
find
(
params
[
:note_id
]
)
can_read_note
=
!
note
.
cross_reference_not_
visible_for?
(
current_user
)
note
=
noteable
.
notes
.
with_metadata
.
find
(
note_id
)
can_read_note
=
note
.
visible_for?
(
current_user
)
if
can_read_note
present
note
,
with:
Entities
::
Note
...
...
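Review bot: in `get_note`, the branch taken when `can_read_note` is false lies outside this hunk, and it decides whether the endpoint confirms that a hidden note exists. `find(note_id)` raises `ActiveRecord::RecordNotFound` for an unknown id, so make sure a note that fails `visible_for?(current_user)` produces the same 404 response rather than a 403. The `can_read_note` local is now a plain alias and could be inlined as `if note.visible_for?(current_user)`.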
lib/api/notes.rb
...
...
@@ -42,7 +42,7 @@ module API
# array returned, but this is really a edge-case.
notes
=
paginate
(
raw_notes
)
notes
=
prepare_notes_for_rendering
(
notes
)
notes
=
notes
.
reject
{
|
n
|
n
.
cross_reference_not_
visible_for?
(
current_user
)
}
notes
=
notes
.
select
{
|
note
|
note
.
visible_for?
(
current_user
)
}
present
notes
,
with:
Entities
::
Note
end
# rubocop: enable CodeReuse/ActiveRecord
...
...
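Review bot: `select { |note| note.visible_for?(current_user) }` runs after `paginate(raw_notes)`, so a page comes back shorter than the requested page size by the number of notes hidden from the caller, and the page length itself tells the caller that hidden notes exist. The comment above calls this "really a edge-case", which may no longer hold if `visible_for?` hides more than cross-references. Consider filtering before pagination where that can be expressed as a scope, or at least revisit the comment. The block variable is `note` here and `n` at the other three call sites; pick one.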