Guests can read builds if those are public

Fixes #18448
author: Z.J. van de Weg <zegerjan@gitlab.com> 2016-10-13 09:38:03 +0200
committer: Z.J. van de Weg <git@zjvandeweg.nl> 2016-12-04 15:48:50 +0100
commit: 617f43c74b967a085f6cd7afb1408cfa28187b52 (patch)
tree: de6e860add1690c240806c5de4289bf2a633d3f7 /app/policies
parent: bd67459131e22273b502eb27d97709827ff42262 (diff)
download: gitlab-ce-617f43c74b967a085f6cd7afb1408cfa28187b52.tar.gz
2 files changed, 7 insertions, 0 deletions
diff --git a/app/policies/ci/build_policy.rb b/app/policies/ci/build_policy.rb
index 8b25332b73c..7b1752df0e1 100644
--- a/app/policies/ci/build_policy.rb
+++ b/app/policies/ci/build_policy.rb
@@ -1,6 +1,8 @@
 module Ci
   class BuildPolicy < CommitStatusPolicy
     def rules
+      can! :read_build if @subject.project.public_builds?
+
       super
 
       # If we can't read build we should also not have that
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 8ac4bd9df6d..b4c1fcabefd 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -46,6 +46,11 @@ class ProjectPolicy < BasePolicy
     can! :create_note
     can! :upload_file
     can! :read_cycle_analytics
+
+    if project.public_builds?
+      can! :read_pipeline
+      can! :read_build
+    end
   end
 
   def reporter_access!
author	Z.J. van de Weg <zegerjan@gitlab.com>	2016-10-13 09:38:03 +0200
committer	Z.J. van de Weg <git@zjvandeweg.nl>	2016-12-04 15:48:50 +0100
commit	617f43c74b967a085f6cd7afb1408cfa28187b52 (patch)
tree	de6e860add1690c240806c5de4289bf2a633d3f7 /app/policies
parent	bd67459131e22273b502eb27d97709827ff42262 (diff)
download	gitlab-ce-617f43c74b967a085f6cd7afb1408cfa28187b52.tar.gz