Merge branch 'fix-unathorized-cloning' into 'security'

Ensure external users are not able to clone disabled repositories. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23788 See merge request !2017 Signed-off-by: Rémy Coutable <remy@rymai.me>
author: Douwe Maan <douwe@gitlab.com> 2016-11-02 21:50:44 +0000
committer: Rémy Coutable <remy@rymai.me> 2016-11-09 12:27:17 +0100
commit: b0bf92140f469db90ef378fd42a6f65eee1d4633 (patch)
tree: ef70b549ced2aca1b92a9f463014707b393c58b0 /app/helpers
parent: a14ee68fe4815d2906ece670bcc333303fd3c816 (diff)
download: gitlab-ce-b0bf92140f469db90ef378fd42a6f65eee1d4633.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/app/helpers/lfs_helper.rb b/app/helpers/lfs_helper.rb
index 95b60aeab5f..d3966ba1f10 100644
--- a/app/helpers/lfs_helper.rb
+++ b/app/helpers/lfs_helper.rb
@@ -1,6 +1,6 @@
 module LfsHelper
   include Gitlab::Routing.url_helpers
-  
+
   def require_lfs_enabled!
     return if Gitlab.config.lfs.enabled
 
@@ -27,7 +27,7 @@ module LfsHelper
   def lfs_download_access?
     return false unless project.lfs_enabled?
 
-    project.public? || ci? || lfs_deploy_token? || user_can_download_code? || build_can_download_code?
+    ci? || lfs_deploy_token? || user_can_download_code? || build_can_download_code?
   end
 
   def user_can_download_code?
author	Douwe Maan <douwe@gitlab.com>	2016-11-02 21:50:44 +0000
committer	Rémy Coutable <remy@rymai.me>	2016-11-09 12:27:17 +0100
commit	b0bf92140f469db90ef378fd42a6f65eee1d4633 (patch)
tree	ef70b549ced2aca1b92a9f463014707b393c58b0 /app/helpers
parent	a14ee68fe4815d2906ece670bcc333303fd3c816 (diff)
download	gitlab-ce-b0bf92140f469db90ef378fd42a6f65eee1d4633.tar.gz