fix #35290 Make read-only API for public merge requests available without authentication

author: haseeb <haseebeqx@gmail.com> 2017-09-18 17:29:17 +0000
committer: Rémy Coutable <remy@rymai.me> 2017-09-18 17:29:17 +0000
commit: ff4e81e0aec38c26e75d960c3d2af9329576ca32 (patch)
tree: 6903ef4fa30d5d467af3a9386423fcb7aeabb731 /app/finders
parent: 8d568fe324dbf753e99e8f63df8f4cb1b484270d (diff)
download: gitlab-ce-ff4e81e0aec38c26e75d960c3d2af9329576ca32.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/app/finders/issuable_finder.rb b/app/finders/issuable_finder.rb
index 9848497f258..0a2e3c709d9 100644
--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -244,6 +244,8 @@ class IssuableFinder
   end
 
   def by_scope(items)
+    return items.none if current_user_related? && !current_user
+
     case params[:scope]
     when 'created-by-me', 'authored'
       items.where(author_id: current_user.id)
author	haseeb <haseebeqx@gmail.com>	2017-09-18 17:29:17 +0000
committer	Rémy Coutable <remy@rymai.me>	2017-09-18 17:29:17 +0000
commit	ff4e81e0aec38c26e75d960c3d2af9329576ca32 (patch)
tree	6903ef4fa30d5d467af3a9386423fcb7aeabb731 /app/finders
parent	8d568fe324dbf753e99e8f63df8f4cb1b484270d (diff)
download	gitlab-ce-ff4e81e0aec38c26e75d960c3d2af9329576ca32.tar.gz