author | Rubén Dávila <ruben@gitlab.com> | 2018-06-12 10:02:06 -0500 |
---|---|---|
committer | Rubén Dávila <ruben@gitlab.com> | 2018-06-12 10:02:06 -0500 |
commit | c1cc4777caad078e3eff9ba6170beb7ee7254917 (patch) | |
tree | 59863ce55f741e5f1e895ed77c0aaadf719cc48c /app | |
parent | 75797ac3d2b534a1deda48c8450027055a7c721b (diff) | |
download | gitlab-ce-c1cc4777caad078e3eff9ba6170beb7ee7254917.tar.gz |
Hide events from internal projects in public feed for anonymous users
This change fixes a bug where an anonymous user was able to see the
activity related to internal projects when visiting the public profile
of a user of the GitLab instance.
Diffstat (limited to 'app')
-rw-r--r-- | app/finders/user_recent_events_finder.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/finders/user_recent_events_finder.rb b/app/finders/user_recent_events_finder.rb index 65d6e019746..74776b2ed1f 100644 --- a/app/finders/user_recent_events_finder.rb +++ b/app/finders/user_recent_events_finder.rb @@ -56,7 +56,7 @@ class UserRecentEventsFinder visible = target_user .project_interactions - .where(visibility_level: [Gitlab::VisibilityLevel::INTERNAL, Gitlab::VisibilityLevel::PUBLIC]) + .where(visibility_level: Gitlab::VisibilityLevel.levels_for_user(current_user)) .select(:id) Gitlab::SQL::Union.new([authorized, visible]).to_sql |
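Review bot: In the `visible` subquery, the new `.where(visibility_level: Gitlab::VisibilityLevel.levels_for_user(current_user))` makes the set of exposed visibility levels depend entirely on how `levels_for_user` treats a nil `current_user`, and that behaviour is not visible in this hunk. The old list was fixed at INTERNAL and PUBLIC, so it is worth confirming that the helper returns only PUBLIC for anonymous callers and that it never returns a wider set than the old list for signed-in users, since anything broader would bypass what the `authorized` query in the union is there to gate. The diffstat shown is limited to 'app', so no spec appears here; a regression spec with an anonymous viewer and an event on an internal project would pin the fix down, and a short comment above the `where` saying the levels are chosen per viewer would help keep the literal list from being reintroduced.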