Merge branch 'security-unauth-protected-branch-delete-11-4' into 'security-11-4-ee'

[11.4] Unauthorized user can delete protected branch's merge access levels and push access levels See merge request gitlab/gitlab-ee!699
author: Jan Provaznik <jprovaznik@gitlab.com> 2018-10-23 15:48:05 +0000
committer: Thiago Presa <tpresa@gitlab.com> 2018-10-24 21:35:10 -0300
commit: 76c4b2e49fba64f6d463d472fc52ab7a03c1473c (patch)
tree: 87cc177c4375815a2eff12c7dc77ec8a4fbb5eb7 /config
parent: 3e817f58df82b86bdb5b095206b88c6bf8675eaa (diff)
download: gitlab-ce-76c4b2e49fba64f6d463d472fc52ab7a03c1473c.tar.gz
1 files changed, 1 insertions, 8 deletions
diff --git a/config/routes/repository.rb b/config/routes/repository.rb
index 50ba86bc4da..696106e387a 100644
--- a/config/routes/repository.rb
+++ b/config/routes/repository.rb
@@ -58,14 +58,7 @@ scope format: false do
       resource :release, only: [:edit, :update]
     end
 
-    resources :protected_branches, only: [:index, :show, :create, :update, :destroy, :patch], constraints: { id: Gitlab::PathRegex.git_reference_regex } do
-      ## EE-specific
-      scope module: :protected_branches do
-        resources :merge_access_levels, only: [:destroy]
-        resources :push_access_levels, only: [:destroy]
-      end
-    end
-
+    resources :protected_branches, only: [:index, :show, :create, :update, :destroy, :patch], constraints: { id: Gitlab::PathRegex.git_reference_regex }
     resources :protected_tags, only: [:index, :show, :create, :update, :destroy]
   end
author	Jan Provaznik <jprovaznik@gitlab.com>	2018-10-23 15:48:05 +0000
committer	Thiago Presa <tpresa@gitlab.com>	2018-10-24 21:35:10 -0300
commit	76c4b2e49fba64f6d463d472fc52ab7a03c1473c (patch)
tree	87cc177c4375815a2eff12c7dc77ec8a4fbb5eb7 /config
parent	3e817f58df82b86bdb5b095206b88c6bf8675eaa (diff)
download	gitlab-ce-76c4b2e49fba64f6d463d472fc52ab7a03c1473c.tar.gz