Merge branch '36679-non-authorized-user-may-see-wikis-or-pipeline-page' into 'security-10-2'

Fixes project visibility guidelines See merge request gitlab/gitlabhq!2226 (cherry picked from commit 877c42c0aaf3298d6001614c9706bc366ae4014c) e4fd1c26 Ensure project wiki visibility guidelines are met
author: Douwe Maan <douwe@gitlab.com> 2017-11-21 17:58:42 +0000
committer: Michael Kozono <mkozono@gmail.com> 2017-12-08 13:44:36 -0800
commit: d332c8c78a77ee400e01f91fd2c573f12caef21d (patch)
tree: 567f2a4e425d805f487a11426054bd37d43ad3ef /app/controllers/projects_controller.rb
parent: 806a68a81f1baeed07c146b1b5d9eb77796c46ba (diff)
download: gitlab-ce-d332c8c78a77ee400e01f91fd2c573f12caef21d.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 3882fa4791d..8e9d6766d80 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -272,7 +272,7 @@ class ProjectsController < Projects::ApplicationController
 
       render 'projects/empty' if @project.empty_repo?
     else
-      if @project.wiki_enabled?
+      if can?(current_user, :read_wiki, @project)
         @project_wiki = @project.wiki
         @wiki_home = @project_wiki.find_page('home', params[:version_id])
       elsif @project.feature_available?(:issues, current_user)
author	Douwe Maan <douwe@gitlab.com>	2017-11-21 17:58:42 +0000
committer	Michael Kozono <mkozono@gmail.com>	2017-12-08 13:44:36 -0800
commit	d332c8c78a77ee400e01f91fd2c573f12caef21d (patch)
tree	567f2a4e425d805f487a11426054bd37d43ad3ef /app/controllers/projects_controller.rb
parent	806a68a81f1baeed07c146b1b5d9eb77796c46ba (diff)
download	gitlab-ce-d332c8c78a77ee400e01f91fd2c573f12caef21d.tar.gz