summaryrefslogtreecommitdiff
path: root/app/services
diff options
context:
space:
mode:
authorDouwe Maan <douwe@gitlab.com>2016-11-02 21:50:44 +0000
committerRémy Coutable <remy@rymai.me>2016-11-09 12:27:17 +0100
commitb0bf92140f469db90ef378fd42a6f65eee1d4633 (patch)
treeef70b549ced2aca1b92a9f463014707b393c58b0 /app/services
parenta14ee68fe4815d2906ece670bcc333303fd3c816 (diff)
downloadgitlab-ce-b0bf92140f469db90ef378fd42a6f65eee1d4633.tar.gz
Merge branch 'fix-unathorized-cloning' into 'security'
Ensure external users are not able to clone disabled repositories. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23788 See merge request !2017 Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'app/services')
-rw-r--r--app/services/auth/container_registry_authentication_service.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 8ea88da8a53..3fc1c70be75 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -76,7 +76,7 @@ module Auth
case requested_action
when 'pull'
- requested_project.public? || build_can_pull?(requested_project) || user_can_pull?(requested_project)
+ build_can_pull?(requested_project) || user_can_pull?(requested_project)
when 'push'
build_can_push?(requested_project) || user_can_push?(requested_project)
else