diff options
author | Luke Duncalfe <lduncalfe@eml.cc> | 2019-01-31 17:21:35 +1300 |
---|---|---|
committer | Luke Duncalfe <lduncalfe@eml.cc> | 2019-02-18 11:30:32 +1300 |
commit | 618b87448e9167f39d8216d1100733cc0fbf020b (patch) | |
tree | 9e2a063df6a0b1df78e9d3487a6ed344f27b567a /lib/api/environments.rb | |
parent | 813df901e81257e3175015c94022151824682e83 (diff) | |
download | gitlab-ce-618b87448e9167f39d8216d1100733cc0fbf020b.tar.gz |
Prevent leaking of private repo data through API
default_branch, statistics and config_ci_path are now only exposed if
the user has permissions to the repository.
Diffstat (limited to 'lib/api/environments.rb')
-rw-r--r-- | lib/api/environments.rb | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/api/environments.rb b/lib/api/environments.rb index 0278c6c54a5..5b0f3b914cb 100644 --- a/lib/api/environments.rb +++ b/lib/api/environments.rb @@ -22,7 +22,7 @@ module API get ':id/environments' do authorize! :read_environment, user_project - present paginate(user_project.environments), with: Entities::Environment + present paginate(user_project.environments), with: Entities::Environment, current_user: current_user end desc 'Creates a new environment' do @@ -40,7 +40,7 @@ module API environment = user_project.environments.create(declared_params) if environment.persisted? - present environment, with: Entities::Environment + present environment, with: Entities::Environment, current_user: current_user else render_validation_error!(environment) end @@ -63,7 +63,7 @@ module API update_params = declared_params(include_missing: false).extract!(:name, :external_url) if environment.update(update_params) - present environment, with: Entities::Environment + present environment, with: Entities::Environment, current_user: current_user else render_validation_error!(environment) end @@ -99,7 +99,7 @@ module API environment.stop_with_action!(current_user) status 200 - present environment, with: Entities::Environment + present environment, with: Entities::Environment, current_user: current_user end end end |