summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG5
-rw-r--r--VERSION2
-rw-r--r--app/finders/snippets_finder.rb2
-rw-r--r--spec/finders/snippets_finder_spec.rb7
4 files changed, 15 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 5a494cccc69..4428bae4ebd 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,11 @@
+v 7.4.2
+ - Fix internal snippet exposing for unauthenticated users
+
v 7.4.1
- Fix LDAP authentication for Git HTTP access
- Fix LDAP config lookup for provider 'ldap'
+ - Fix public snippets
+ - Fix 500 error on projects with nested submodules
v 7.4.0
- Refactored membership logic
diff --git a/VERSION b/VERSION
index 815da58b7a9..f8cb1fa110d 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-7.4.1
+7.4.2
diff --git a/app/finders/snippets_finder.rb b/app/finders/snippets_finder.rb
index b29ab6cf40b..4b0c69f2d2f 100644
--- a/app/finders/snippets_finder.rb
+++ b/app/finders/snippets_finder.rb
@@ -29,6 +29,8 @@ class SnippetsFinder
def by_user(current_user, user, scope)
snippets = user.snippets.fresh.non_expired
+ return snippets.are_public unless current_user
+
if user == current_user
case scope
when 'are_internal' then
diff --git a/spec/finders/snippets_finder_spec.rb b/spec/finders/snippets_finder_spec.rb
index 5af76968183..c645cbc964c 100644
--- a/spec/finders/snippets_finder_spec.rb
+++ b/spec/finders/snippets_finder_spec.rb
@@ -64,6 +64,13 @@ describe SnippetsFinder do
snippets = SnippetsFinder.new.execute(user, filter: :by_user, user: user)
snippets.should include(@snippet1, @snippet2, @snippet3)
end
+
+ it "returns only public snippets if unauthenticated user" do
+ snippets = SnippetsFinder.new.execute(nil, filter: :by_user, user: user)
+ snippets.should include(@snippet3)
+ snippets.should_not include(@snippet2, @snippet1)
+ end
+
end
context 'by_project filter' do