adds fix for security issue when annonymous user does not have access to repository we now display the activity feed instead of the readme23990-project-show-error-when-empty-repo

author: tiagonbotelho <tiagonbotelho@hotmail.com> 2016-11-16 18:20:05 +0000
committer: tiagonbotelho <tiagonbotelho@hotmail.com> 2016-11-17 12:42:21 +0000
commit: f0ed5fea81b537ae6c0262ed8f6249b47acafcdf (patch)
tree: 080519a566112e60fab728d9ff914d04040375d9 /app/helpers/preferences_helper.rb
parent: c9d93f645aed1fbb9196616afb0110a585882fc1 (diff)
download: gitlab-ce-f0ed5fea81b537ae6c0262ed8f6249b47acafcdf.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/app/helpers/preferences_helper.rb b/app/helpers/preferences_helper.rb
index f7189e0c5a1..6e68aad4cb7 100644
--- a/app/helpers/preferences_helper.rb
+++ b/app/helpers/preferences_helper.rb
@@ -50,7 +50,7 @@ module PreferencesHelper
   end
 
   def default_project_view
-    return annonymous_project_view unless current_user
+    return anonymous_project_view unless current_user
 
     user_view = current_user.project_view
 
@@ -67,7 +67,7 @@ module PreferencesHelper
     end
   end
 
-  def annonymous_project_view
-    @project.empty_repo? ? 'empty' : 'readme'
+  def anonymous_project_view
+    @project.empty_repo? || !can?(current_user, :download_code, @project) ? 'activity' : 'readme'
   end
 end
author	tiagonbotelho <tiagonbotelho@hotmail.com>	2016-11-16 18:20:05 +0000
committer	tiagonbotelho <tiagonbotelho@hotmail.com>	2016-11-17 12:42:21 +0000
commit	f0ed5fea81b537ae6c0262ed8f6249b47acafcdf (patch)
tree	080519a566112e60fab728d9ff914d04040375d9 /app/helpers/preferences_helper.rb
parent	c9d93f645aed1fbb9196616afb0110a585882fc1 (diff)
download	gitlab-ce-f0ed5fea81b537ae6c0262ed8f6249b47acafcdf.tar.gz