author | Tiago Botelho <tiagonbotelho@hotmail.com> | 2018-12-10 13:58:34 +0000 |
---|---|---|
committer | Tiago Botelho <tiagonbotelho@hotmail.com> | 2018-12-19 10:21:02 +0000 |
commit | 8772bdabb2f48e9868971d8349f6e36985bffec0 (patch) | |
tree | 2de07720b461ed2bd03b5cd201a7b63739ddf779 /app | |
parent | ffef28ccd6d37ade2c3ee3ca46679749f9cf09aa (diff) | |
download | gitlab-ce-8772bdabb2f48e9868971d8349f6e36985bffec0.tar.gz |
Project guests no longer are able to see refs page
Adds download_code authorization check to ProjectsController#refs
action, to prevent a project guest from seeing branch, tags and
commits information
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects_controller.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 8bf93bfd68d..878816475b2 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -19,6 +19,7 @@ class ProjectsController < Projects::ApplicationController before_action :lfs_blob_ids, only: [:show], if: [:repo_exists?, :project_view_files?] before_action :project_export_enabled, only: [:export, :download_export, :remove_export, :generate_new_export] before_action :present_project, only: [:edit] + before_action :authorize_download_code!, only: [:refs] # Authorize before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping, :download_export, :export, :remove_export, :generate_new_export] |
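Review bot: the new `before_action :authorize_download_code!, only: [:refs]` is placed above the `# Authorize` comment, among the setup filters, instead of below it next to `authorize_admin_project!`. Moving it under `# Authorize` would keep this controller's permission checks in one place, which makes it easier to audit which actions are gated and by which ability. The diffstat shown here is limited to `app`, so no spec is visible; a controller spec asserting that a project guest is denied on `refs` would guard against the filter being dropped or re-scoped later.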