summaryrefslogtreecommitdiff
path: root/app/finders
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-12-04 16:53:44 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-12-04 16:53:44 +0000
commit4e3a54f835daa49bf784d6e6ad91e90116a24dc8 (patch)
tree8e1f7be7a80da2de02b2da0ed88f81b2f6b6de8c /app/finders
parentaefe6486cf0d193067112b90145083d73b96bfef (diff)
downloadgitlab-ce-4e3a54f835daa49bf784d6e6ad91e90116a24dc8.tar.gz
Add latest changes from gitlab-org/security/gitlab@13-6-stable-ee
Diffstat (limited to 'app/finders')
-rw-r--r--app/finders/starred_projects_finder.rb11
1 files changed, 11 insertions, 0 deletions
diff --git a/app/finders/starred_projects_finder.rb b/app/finders/starred_projects_finder.rb
index fcb469d1d17..e209960c471 100644
--- a/app/finders/starred_projects_finder.rb
+++ b/app/finders/starred_projects_finder.rb
@@ -1,11 +1,22 @@
# frozen_string_literal: true
class StarredProjectsFinder < ProjectsFinder
+ include Gitlab::Allowable
+
def initialize(user, params: {}, current_user: nil)
+ @user = user
+
super(
params: params,
current_user: current_user,
project_ids_relation: user.starred_projects.select(:id)
)
end
+
+ def execute
+ # Do not show starred projects if the user has a private profile.
+ return Project.none unless can?(current_user, :read_user_profile, @user)
+
+ super
+ end
end