Merge branch 'fix-private-snippet-api' into 'master'

Prevent information disclosure via snippet API Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15580 See merge request !1958
author: Robert Speicher <robert@gitlab.com> 2016-04-25 20:30:11 +0000
committer: Yorick Peterse <yorick@gitlab.com> 2016-04-25 21:51:52 +0000
commit: 516900b9dc6423a905b1ada3b7b4c9b593b51c6d (patch)
tree: 4dbc74753bc1cc03d1e3289e50028b565354773b /app
parent: f03c454809fd77f7688b9e7a198a3778a82b91ea (diff)
download: gitlab-ce-516900b9dc6423a905b1ada3b7b4c9b593b51c6d.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/finders/snippets_finder.rb b/app/finders/snippets_finder.rb
index a41172816b8..01cbf91c658 100644
--- a/app/finders/snippets_finder.rb
+++ b/app/finders/snippets_finder.rb
@@ -51,7 +51,7 @@ class SnippetsFinder
     snippets = project.snippets.fresh
 
     if current_user
-      if project.team.member?(current_user.id)
+      if project.team.member?(current_user.id) || current_user.admin?
         snippets
       else
         snippets.public_and_internal
author	Robert Speicher <robert@gitlab.com>	2016-04-25 20:30:11 +0000
committer	Yorick Peterse <yorick@gitlab.com>	2016-04-25 21:51:52 +0000
commit	516900b9dc6423a905b1ada3b7b4c9b593b51c6d (patch)
tree	4dbc74753bc1cc03d1e3289e50028b565354773b /app
parent	f03c454809fd77f7688b9e7a198a3778a82b91ea (diff)
download	gitlab-ce-516900b9dc6423a905b1ada3b7b4c9b593b51c6d.tar.gz