diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-07-26 13:40:59 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-07-26 13:40:59 +0000 |
commit | 3a178b26107d99377347664ce4cb7e5bcb0dc854 (patch) | |
tree | 35fabe4fb630db39a21071806b6a7308875c250f /app | |
parent | f65ed87489e81ade3d3d78098db75a60db8eb893 (diff) | |
parent | 019caa8de59f0ca701d4f099a4068605b17e3b93 (diff) | |
download | gitlab-ce-3a178b26107d99377347664ce4cb7e5bcb0dc854.tar.gz |
Merge branch 'security-mr-pipeline-permissions' into 'master'
MR pipeline permissions
Closes #2871
See merge request gitlab/gitlabhq!3204
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/merge_requests/application_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/merge_requests_controller.rb | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/app/controllers/projects/merge_requests/application_controller.rb b/app/controllers/projects/merge_requests/application_controller.rb index dcc272aecff..006731c0e66 100644 --- a/app/controllers/projects/merge_requests/application_controller.rb +++ b/app/controllers/projects/merge_requests/application_controller.rb @@ -45,7 +45,7 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont def set_pipeline_variables @pipelines = - if can?(current_user, :read_pipeline, @project) + if can?(current_user, :read_pipeline, @merge_request.source_project) @merge_request.all_pipelines else Ci::Pipeline.none diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb index 2aa2508be16..f4d381244d9 100644 --- a/app/controllers/projects/merge_requests_controller.rb +++ b/app/controllers/projects/merge_requests_controller.rb @@ -82,7 +82,8 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo end def pipelines - @pipelines = @merge_request.all_pipelines.page(params[:page]).per(30) + set_pipeline_variables + @pipelines = @pipelines.page(params[:page]).per(30) Gitlab::PollingInterval.set_header(response, interval: 10_000) |