diff options
author | Douwe Maan <douwe@gitlab.com> | 2017-04-28 22:06:27 +0000 |
---|---|---|
committer | Bob Van Landuyt <bob@gitlab.com> | 2017-05-10 16:48:18 +0200 |
commit | ad309f5d110ebf8859b2e7196c7a1d0b039c0d7c (patch) | |
tree | 68e378c1c60578b73f3508b48fea343db0c6a762 /app/models/snippet.rb | |
parent | 576e244b6c017dcda2d2d848670ec3b60db63409 (diff) | |
download | gitlab-ce-ad309f5d110ebf8859b2e7196c7a1d0b039c0d7c.tar.gz |
Merge branch 'snippets-finder-visibility' into 'security'
Refactor snippets finder & dont return internal snippets for external users
See merge request !2094
Diffstat (limited to 'app/models/snippet.rb')
-rw-r--r-- | app/models/snippet.rb | 13 |
1 files changed, 0 insertions, 13 deletions
diff --git a/app/models/snippet.rb b/app/models/snippet.rb index abfbefdf9a0..882e2fa0594 100644 --- a/app/models/snippet.rb +++ b/app/models/snippet.rb @@ -152,18 +152,5 @@ class Snippet < ActiveRecord::Base where(table[:content].matches(pattern)) end - - def accessible_to(user) - return are_public unless user.present? - return all if user.admin? - - where( - 'visibility_level IN (:visibility_levels) - OR author_id = :author_id - OR project_id IN (:project_ids)', - visibility_levels: [Snippet::PUBLIC, Snippet::INTERNAL], - author_id: user.id, - project_ids: user.authorized_projects.select(:id)) - end end end |