diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-11-26 12:01:08 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-11-26 12:01:08 +0000 |
commit | 2e2b53ead7b2f8977b79871178da68e80e0e4a0a (patch) | |
tree | dca7a854c101d5506e26fe20ae4a499d55beca39 /lib | |
parent | 20a4702f2e316effa1396d8d826bd9216d0be3fc (diff) | |
parent | 879ca8ab319a60f114e99a57848467d252fc65c7 (diff) | |
download | gitlab-ce-2e2b53ead7b2f8977b79871178da68e80e0e4a0a.tar.gz |
Merge branch 'security-ag-cycle-analytics-guest-permissions-12-3' into '12-3-stable'
Prevent guests from seeing commits for cycle analytics
See merge request gitlab/gitlabhq!3535
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/cycle_analytics/stage_summary.rb | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/lib/gitlab/cycle_analytics/stage_summary.rb b/lib/gitlab/cycle_analytics/stage_summary.rb index 5198dd5b4eb..c0ee65a106d 100644 --- a/lib/gitlab/cycle_analytics/stage_summary.rb +++ b/lib/gitlab/cycle_analytics/stage_summary.rb @@ -10,13 +10,29 @@ module Gitlab end def data - [serialize(Summary::Issue.new(project: @project, from: @from, current_user: @current_user)), - serialize(Summary::Commit.new(project: @project, from: @from)), - serialize(Summary::Deploy.new(project: @project, from: @from))] + summary = [issue_stats] + summary << commit_stats if user_has_sufficient_access? + summary << deploy_stats end private + def issue_stats + serialize(Summary::Issue.new(project: @project, from: @from, current_user: @current_user)) + end + + def commit_stats + serialize(Summary::Commit.new(project: @project, from: @from)) + end + + def deploy_stats + serialize(Summary::Deploy.new(project: @project, from: @from)) + end + + def user_has_sufficient_access? + @project.team.member?(@current_user, Gitlab::Access::REPORTER) + end + def serialize(summary_object) AnalyticsSummarySerializer.new.represent(summary_object) end |