diff options
| author | drew cimino <dcimino@gitlab.com> | 2019-07-22 14:16:15 -0400 |
|---|---|---|
| committer | drew cimino <dcimino@gitlab.com> | 2019-08-12 17:39:32 -0400 |
| commit | 1c7c91806d4b9866f512f50f36c9c74b48cb8229 (patch) | |
| tree | d1379e0898f0fbba22fb1fe3fd3731aae7970de2 /app/controllers | |
| parent | 975763607443fad50e192411ad1da06ebb2ff532 (diff) | |
| download | gitlab-ce-1c7c91806d4b9866f512f50f36c9c74b48cb8229.tar.gz | |
Permission fix for MergeRequestsController#pipeline_status
- Use set_pipeline_variables to filter for visible pipelines
- Mimic response of nonexistent pipeline if not found
- Provide set_pipeline_variables as a before_filter for other actions
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/projects/merge_requests_controller.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb index f4d381244d9..ee755d68cf1 100644 --- a/app/controllers/projects/merge_requests_controller.rb +++ b/app/controllers/projects/merge_requests_controller.rb @@ -188,7 +188,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo def pipeline_status render json: PipelineSerializer .new(project: @project, current_user: @current_user) - .represent_status(@merge_request.head_pipeline) + .represent_status(head_pipeline) end def ci_environments_status @@ -238,6 +238,13 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo private + def head_pipeline + strong_memoize(:head_pipeline) do + pipeline = @merge_request.head_pipeline + pipeline if can?(current_user, :read_pipeline, pipeline) + end + end + def ci_environments_status_on_merge_result? params[:environment_target] == 'merge_commit' end |