Do not expose trigger token when user should not see it

author: Grzegorz Bizon <grzesiek.bizon@gmail.com> 2018-12-19 14:15:58 +0100
committer: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-31 16:51:17 +0100
commit: 084b7edb17d25a3d43526cca560569dd82c5c09d (patch)
tree: eff6234322aec4cb438d4751bb7adb1c19cfd5cc /app/controllers/projects/triggers_controller.rb
parent: 9f67b886b2cf425329a4dc792e6c41cf571ab102 (diff)
download: gitlab-ce-084b7edb17d25a3d43526cca560569dd82c5c09d.tar.gz
1 files changed, 3 insertions, 4 deletions
diff --git a/app/controllers/projects/triggers_controller.rb b/app/controllers/projects/triggers_controller.rb
index f5fdfb8accc..c7b4ebb2b24 100644
--- a/app/controllers/projects/triggers_controller.rb
+++ b/app/controllers/projects/triggers_controller.rb
@@ -66,12 +66,11 @@ class Projects::TriggersController < Projects::ApplicationController
   end
 
   def trigger
-    @trigger ||= project.triggers.find(params[:id]) || render_404
+    @trigger ||= project.triggers.find(params[:id])
+      .present(current_user: current_user)
   end
 
   def trigger_params
-    params.require(:trigger).permit(
-      :description
-    )
+    params.require(:trigger).permit(:description)
   end
 end
author	Grzegorz Bizon <grzesiek.bizon@gmail.com>	2018-12-19 14:15:58 +0100
committer	Yorick Peterse <yorickpeterse@gmail.com>	2019-01-31 16:51:17 +0100
commit	084b7edb17d25a3d43526cca560569dd82c5c09d (patch)
tree	eff6234322aec4cb438d4751bb7adb1c19cfd5cc /app/controllers/projects/triggers_controller.rb
parent	9f67b886b2cf425329a4dc792e6c41cf571ab102 (diff)
download	gitlab-ce-084b7edb17d25a3d43526cca560569dd82c5c09d.tar.gz