diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-27 10:32:43 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-27 10:32:43 +0000 |
commit | 547a5884d1ab6a22d9fc9ce79e5cf6f0310bc23d (patch) | |
tree | 655c2c0252d6ac08f0a825fac872f83845ee2e7f /app | |
parent | 25e94f0fc4c4666dbbacfcbdd6bce0380b8fe1d0 (diff) | |
download | gitlab-ce-547a5884d1ab6a22d9fc9ce79e5cf6f0310bc23d.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-4-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/models/project.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/app/models/project.rb b/app/models/project.rb index 6eb19b4462c..00a572b775d 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -2714,8 +2714,23 @@ class Project < ApplicationRecord self.errors.add(:base, _("Could not change HEAD: branch '%{branch}' does not exist") % { branch: branch }) end + def visible_group_links(for_user:) + user = for_user + links = project_group_links_with_preload + user.max_member_access_for_group_ids(links.map(&:group_id)) if user && links.any? + + DeclarativePolicy.user_scope do + links.select { Ability.allowed?(user, :read_group, _1.group) } + end + end + private + # overridden in EE + def project_group_links_with_preload + project_group_links + end + def save_topics return if @topic_list.nil? |