Add latest changes from gitlab-org/security/gitlab@13-8-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-02-01 08:59:34 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-02-01 08:59:34 +0000
commit: 41b1c0469dba622a1c2c67c17f1f5e491573accf (patch)
tree: 09f095297054f3f5077059ded4cd066bd257e052 /app/controllers/projects/releases_controller.rb
parent: 7248f8bff5a90f3ff570c368310c361e1f4e9092 (diff)
download: gitlab-ce-41b1c0469dba622a1c2c67c17f1f5e491573accf.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/app/controllers/projects/releases_controller.rb b/app/controllers/projects/releases_controller.rb
index a6e795a2b91..614bada09ed 100644
--- a/app/controllers/projects/releases_controller.rb
+++ b/app/controllers/projects/releases_controller.rb
@@ -5,6 +5,9 @@ class Projects::ReleasesController < Projects::ApplicationController
   before_action :require_non_empty_project, except: [:index]
   before_action :release, only: %i[edit show update downloads]
   before_action :authorize_read_release!
+  # We have to check `download_code` permission because detail URL path
+  # contains git-tag name.
+  before_action :authorize_download_code!, except: [:index]
   before_action do
     push_frontend_feature_flag(:graphql_release_data, project, default_enabled: true)
     push_frontend_feature_flag(:graphql_milestone_stats, project, default_enabled: true)
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-02-01 08:59:34 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-02-01 08:59:34 +0000
commit	41b1c0469dba622a1c2c67c17f1f5e491573accf (patch)
tree	09f095297054f3f5077059ded4cd066bd257e052 /app/controllers/projects/releases_controller.rb
parent	7248f8bff5a90f3ff570c368310c361e1f4e9092 (diff)
download	gitlab-ce-41b1c0469dba622a1c2c67c17f1f5e491573accf.tar.gz