diff options
author | Robert Speicher <robert@gitlab.com> | 2016-04-25 20:30:11 +0000 |
---|---|---|
committer | Yorick Peterse <yorick@gitlab.com> | 2016-04-25 21:51:52 +0000 |
commit | 516900b9dc6423a905b1ada3b7b4c9b593b51c6d (patch) | |
tree | 4dbc74753bc1cc03d1e3289e50028b565354773b /app | |
parent | f03c454809fd77f7688b9e7a198a3778a82b91ea (diff) | |
download | gitlab-ce-516900b9dc6423a905b1ada3b7b4c9b593b51c6d.tar.gz |
Merge branch 'fix-private-snippet-api' into 'master'
Prevent information disclosure via snippet API
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15580
See merge request !1958
Diffstat (limited to 'app')
-rw-r--r-- | app/finders/snippets_finder.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/finders/snippets_finder.rb b/app/finders/snippets_finder.rb index a41172816b8..01cbf91c658 100644 --- a/app/finders/snippets_finder.rb +++ b/app/finders/snippets_finder.rb @@ -51,7 +51,7 @@ class SnippetsFinder snippets = project.snippets.fresh if current_user - if project.team.member?(current_user.id) + if project.team.member?(current_user.id) || current_user.admin? snippets else snippets.public_and_internal |