diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-04-02 07:48:30 +0000 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-04-02 07:48:30 +0000 |
| commit | 3e4c2b0427d70e920758e9c8f71ac43060d8c509 (patch) | |
| tree | 0ef4e37b03a2a4de81b240bd63c0d31fa1428dd7 /app | |
| parent | b122be5ed55e3898196fb21e47fff40eb7dd6e0c (diff) | |
| parent | 727ec95528c3b928992406e570427728e7186fd4 (diff) | |
| download | gitlab-ce-3e4c2b0427d70e920758e9c8f71ac43060d8c509.tar.gz | |
Merge branch 'security-56224' into 'master'
Fix related branches visible in issues for guests
See merge request gitlab/gitlabhq!2996
Diffstat (limited to 'app')
| -rw-r--r-- | app/assets/javascripts/issue.js | 4 | ||||
| -rw-r--r-- | app/controllers/projects/issues_controller.rb | 1 | ||||
| -rw-r--r-- | app/views/projects/issues/show.html.haml | 5 |
3 files changed, 7 insertions, 3 deletions
diff --git a/app/assets/javascripts/issue.js b/app/assets/javascripts/issue.js index 94b78907d9a..b3508f36cf9 100644 --- a/app/assets/javascripts/issue.js +++ b/app/assets/javascripts/issue.js @@ -16,7 +16,9 @@ export default class Issue { Issue.createMrDropdownWrap = document.querySelector('.create-mr-dropdown-wrap'); Issue.initMergeRequests(); - Issue.initRelatedBranches(); + if (document.querySelector('#related-branches')) { + Issue.initRelatedBranches(); + } this.closeButtons = $('a.btn-close'); this.reopenButtons = $('a.btn-reopen'); diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb index b9d02a62fc3..2cb40697b5c 100644 --- a/app/controllers/projects/issues_controller.rb +++ b/app/controllers/projects/issues_controller.rb @@ -39,6 +39,7 @@ class Projects::IssuesController < Projects::ApplicationController before_action :authorize_create_merge_request_from!, only: [:create_merge_request] before_action :authorize_import_issues!, only: [:import_csv] + before_action :authorize_download_code!, only: [:related_branches] before_action :set_suggested_issues_feature_flags, only: [:new] diff --git a/app/views/projects/issues/show.html.haml b/app/views/projects/issues/show.html.haml index 3a674da6e87..819d3c4ec76 100644 --- a/app/views/projects/issues/show.html.haml +++ b/app/views/projects/issues/show.html.haml @@ -80,8 +80,9 @@ #merge-requests{ data: { url: referenced_merge_requests_project_issue_path(@project, @issue) } } // This element is filled in using JavaScript. - #related-branches{ data: { url: related_branches_project_issue_path(@project, @issue) } } - // This element is filled in using JavaScript. + - if can?(current_user, :download_code, @project) + #related-branches{ data: { url: related_branches_project_issue_path(@project, @issue) } } + // This element is filled in using JavaScript. .content-block.emoji-block.emoji-block-sticky .row |