Fix internal snippets can be searched by anyone

author: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-06-22 17:44:24 -0300
committer: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-06-22 17:44:24 -0300
commit: 8f9b64c720d55ee40066d5a6b1017ab95dbd9781 (patch)
tree: f7550c3a2353946f7524065ac2919a59ee6867f2 /app/models/snippet.rb
parent: 1d9bbb0b8ef4d67833fc99a5c6ffcdafa43a38d6 (diff)
download: gitlab-ce-8f9b64c720d55ee40066d5a6b1017ab95dbd9781.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/app/models/snippet.rb b/app/models/snippet.rb
index f8034cb5e6b..3a191cd91d0 100644
--- a/app/models/snippet.rb
+++ b/app/models/snippet.rb
@@ -135,7 +135,10 @@ class Snippet < ActiveRecord::Base
     end
 
     def accessible_to(user)
-      where('visibility_level IN (?) OR author_id = ?', [Snippet::INTERNAL, Snippet::PUBLIC], user)
+      visibility_levels = [Snippet::PUBLIC]
+      visibility_levels << Snippet::INTERNAL if user
+
+      where('visibility_level IN (?) OR author_id = ?', visibility_levels, user)
     end
   end
 end
author	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-06-22 17:44:24 -0300
committer	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-06-22 17:44:24 -0300
commit	8f9b64c720d55ee40066d5a6b1017ab95dbd9781 (patch)
tree	f7550c3a2353946f7524065ac2919a59ee6867f2 /app/models/snippet.rb
parent	1d9bbb0b8ef4d67833fc99a5c6ffcdafa43a38d6 (diff)
download	gitlab-ce-8f9b64c720d55ee40066d5a6b1017ab95dbd9781.tar.gz