author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-30 11:44:06 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-30 11:44:27 +0000 |
commit | aa5a29806f359945ec3483906a4e40ec71362a61 (patch) | |
tree | 316da62ab44dcd8fbb4515d7b967605234613384 /app/controllers | |
parent | 16fa5cf183d9f59a66c1e258ce36cd3f09c8d3fd (diff) | |
download | gitlab-ce-aa5a29806f359945ec3483906a4e40ec71362a61.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-0-stable-ee
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/ide_controller.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/ide_controller.rb b/app/controllers/ide_controller.rb
index 4c7a91ee602..44beceb4f48 100644
--- a/app/controllers/ide_controller.rb
+++ b/app/controllers/ide_controller.rb
@@ -7,6 +7,8 @@ class IdeController < ApplicationController
 include StaticObjectExternalStorageCSP
 include Gitlab::Utils::StrongMemoize
 
+ before_action :authorize_read_project!
+
 before_action do
 push_frontend_feature_flag(:build_service_proxy)
 push_frontend_feature_flag(:schema_linting)
@@ -22,6 +24,10 @@ class IdeController < ApplicationController
 
 private
 
+ def authorize_read_project!
+ render_404 unless can?(current_user, :read_project, project)
+ end
+
 def define_index_vars
 return unless project
 
|
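Review bot: `authorize_read_project!` in the second hunk hands `project` straight to `can?`, while the context line `return unless project` in `define_index_vars` shows that this controller expects `project` to be nil on some requests. Presumably `can?` is false for a nil subject, so the filter registered without `only:`/`except:` in the first hunk would answer 404 for every project-less IDE request, and the nil guard in `define_index_vars` would no longer be reached. If that is the intended fail-closed behaviour, record it above the method, e.g. `# 404 rather than 403 so a private project's existence is not disclosed; a nil project is rejected as well.`; if project-less routes must keep working, that case needs an explicit decision instead of falling out of `can?`. How `project` is resolved lies outside both hunks, so it should be confirmed that the lookup raises nothing and renders nothing before this filter runs.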