diff options
| author | Rémy Coutable <remy@rymai.me> | 2016-04-13 11:32:25 +0000 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2016-04-13 11:32:25 +0000 |
| commit | cf306b17bfdcc426b635a5f99c972985598a4094 (patch) | |
| tree | 520cc8d77a8b093cdea114b78e63f5c118d005f6 /lib | |
| parent | 861e685e1853d45dea83bc1d06ebd639b120f36c (diff) | |
| parent | 4cd04443f5f69665ce1139726751af678e0e55c3 (diff) | |
| download | gitlab-ce-cf306b17bfdcc426b635a5f99c972985598a4094.tar.gz | |
Merge branch 'api-group-leaking' into 'master'
API: Return 404 if user does not have access to group
Closes #15185
After !3587 is merged, I'll update this one to also fix the return code of the tests in !3587.
See merge request !3683
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/helpers.rb | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 4921ae99e78..96af7d7675c 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -91,8 +91,7 @@ module API if can?(current_user, :read_group, group) group else - forbidden!("#{current_user.username} lacks sufficient "\ - "access to #{group.name}") + not_found!('Group') end end |