diff options
author | Jan Provaznik <jprovaznik@gitlab.com> | 2018-10-23 15:48:05 +0000 |
---|---|---|
committer | Thiago Presa <tpresa@gitlab.com> | 2018-10-24 21:35:10 -0300 |
commit | 76c4b2e49fba64f6d463d472fc52ab7a03c1473c (patch) | |
tree | 87cc177c4375815a2eff12c7dc77ec8a4fbb5eb7 /config | |
parent | 3e817f58df82b86bdb5b095206b88c6bf8675eaa (diff) | |
download | gitlab-ce-76c4b2e49fba64f6d463d472fc52ab7a03c1473c.tar.gz |
Merge branch 'security-unauth-protected-branch-delete-11-4' into 'security-11-4-ee'
[11.4] Unauthorized user can delete protected branch's merge access levels and push access levels
See merge request gitlab/gitlab-ee!699
Diffstat (limited to 'config')
-rw-r--r-- | config/routes/repository.rb | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/config/routes/repository.rb b/config/routes/repository.rb index 50ba86bc4da..696106e387a 100644 --- a/config/routes/repository.rb +++ b/config/routes/repository.rb @@ -58,14 +58,7 @@ scope format: false do resource :release, only: [:edit, :update] end - resources :protected_branches, only: [:index, :show, :create, :update, :destroy, :patch], constraints: { id: Gitlab::PathRegex.git_reference_regex } do - ## EE-specific - scope module: :protected_branches do - resources :merge_access_levels, only: [:destroy] - resources :push_access_levels, only: [:destroy] - end - end - + resources :protected_branches, only: [:index, :show, :create, :update, :destroy, :patch], constraints: { id: Gitlab::PathRegex.git_reference_regex } resources :protected_tags, only: [:index, :show, :create, :update, :destroy] end |