author | Valery Sizov <valery@gitlab.com> | 2014-10-24 19:24:49 +0300 |
---|---|---|
committer | Valery Sizov <valery@gitlab.com> | 2014-10-24 19:39:14 +0300 |
commit | 7f97a1277de78bcd86d68978e9ec29a2548fc144 (patch) | |
tree | 069c947e915f60dbc4148a4d972a5ee4aeb7e2e2 | |
parent | 9712fbcdd366c173e2ec277a617a4e690f6a86e9 (diff) | |
download | gitlab-ce-7f97a1277de78bcd86d68978e9ec29a2548fc144.tar.gz |
internal snippets: fix exposing of title
-rw-r--r-- | CHANGELOG | 5 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | app/finders/snippets_finder.rb | 2 | ||||
-rw-r--r-- | spec/finders/snippets_finder_spec.rb | 7 |
4 files changed, 15 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index 5a494cccc69..4428bae4ebd 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,11 @@ +v 7.4.2 + - Fix internal snippet exposing for unauthenticated users + v 7.4.1 - Fix LDAP authentication for Git HTTP access - Fix LDAP config lookup for provider 'ldap' + - Fix public snippets + - Fix 500 error on projects with nested submodules v 7.4.0 - Refactored membership logic @@ -1 +1 @@ -7.4.1 +7.4.2 diff --git a/app/finders/snippets_finder.rb b/app/finders/snippets_finder.rb index b29ab6cf40b..4b0c69f2d2f 100644 --- a/app/finders/snippets_finder.rb +++ b/app/finders/snippets_finder.rb @@ -29,6 +29,8 @@ class SnippetsFinder def by_user(current_user, user, scope) snippets = user.snippets.fresh.non_expired + return snippets.are_public unless current_user + if user == current_user case scope when 'are_internal' then diff --git a/spec/finders/snippets_finder_spec.rb b/spec/finders/snippets_finder_spec.rb index 5af76968183..c645cbc964c 100644 --- a/spec/finders/snippets_finder_spec.rb +++ b/spec/finders/snippets_finder_spec.rb @@ -64,6 +64,13 @@ describe SnippetsFinder do snippets = SnippetsFinder.new.execute(user, filter: :by_user, user: user) snippets.should include(@snippet1, @snippet2, @snippet3) end + + it "returns only public snippets if unauthenticated user" do + snippets = SnippetsFinder.new.execute(nil, filter: :by_user, user: user) + snippets.should include(@snippet3) + snippets.should_not include(@snippet2, @snippet1) + end + end context 'by_project filter' do |
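Review bot: The early return added at the top of `by_user` closes the anonymous case for this filter only. Nothing in the hunk shows the finder's other filter paths (the spec names a `by_project` filter) applying the same nil-`current_user` rule; if they do not share one guard, the visibility decision would be safer made in one place so that a later filter cannot skip it. The line also needs a why-comment, because the authorization intent is not obvious from the code: `# Anonymous visitors may only see public snippets; internal and private ones require a signed-in user.` `by_user` continues outside the hunk, so the branch taken when `user != current_user` is not visible here.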
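Review bot: The new example exercises only the default scope, so it does not pin that an anonymous caller still gets public snippets only when a non-public scope is requested. A second example passing the `'are_internal'` value that the finder's `case scope` matches would protect the early return against later reordering. Assuming `execute` takes the scope as a `scope:` option (not visible in this hunk), that would be `snippets = SnippetsFinder.new.execute(nil, filter: :by_user, user: user, scope: 'are_internal')` followed by `snippets.should_not include(@snippet1, @snippet2)`. The visibility levels of `@snippet1` to `@snippet3` are set up outside the hunk, so the example's name relies on `@snippet3` being the public one.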