Add latest changes from gitlab-org/security/gitlab@14-0-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-06-30 11:44:06 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-06-30 11:44:27 +0000
commit: aa5a29806f359945ec3483906a4e40ec71362a61 (patch)
tree: 316da62ab44dcd8fbb4515d7b967605234613384 /app/controllers/ide_controller.rb
parent: 16fa5cf183d9f59a66c1e258ce36cd3f09c8d3fd (diff)
download: gitlab-ce-aa5a29806f359945ec3483906a4e40ec71362a61.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/ide_controller.rb b/app/controllers/ide_controller.rb
index 4c7a91ee602..44beceb4f48 100644
--- a/app/controllers/ide_controller.rb
+++ b/app/controllers/ide_controller.rb
@@ -7,6 +7,8 @@ class IdeController < ApplicationController
   include StaticObjectExternalStorageCSP
   include Gitlab::Utils::StrongMemoize
 
+  before_action :authorize_read_project!
+
   before_action do
     push_frontend_feature_flag(:build_service_proxy)
     push_frontend_feature_flag(:schema_linting)
@@ -22,6 +24,10 @@ class IdeController < ApplicationController
 
   private
 
+  def authorize_read_project!
+    render_404 unless can?(current_user, :read_project, project)
+  end
+
   def define_index_vars
     return unless project
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-06-30 11:44:06 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-06-30 11:44:27 +0000
commit	aa5a29806f359945ec3483906a4e40ec71362a61 (patch)
tree	316da62ab44dcd8fbb4515d7b967605234613384 /app/controllers/ide_controller.rb
parent	16fa5cf183d9f59a66c1e258ce36cd3f09c8d3fd (diff)
download	gitlab-ce-aa5a29806f359945ec3483906a4e40ec71362a61.tar.gz