From 45fa9dfa7b7c84912ddece49c46db9bcf6b07468 Mon Sep 17 00:00:00 2001
From: Paul Slaughter <pslaughter@gitlab.com>
Date: Tue, 29 May 2018 17:48:58 -0500
Subject: Revert access_denied alias for render_403

---
 app/controllers/application_controller.rb             | 19 +++++++++++--------
 ...controller_with_cross_project_access_check_spec.rb | 12 ++++++------
 2 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c8f726c2b45..db8a8cdc0d2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -130,22 +130,25 @@ class ApplicationController < ActionController::Base
   end
 
   def access_denied!(message = nil)
-    render_403 message
+    respond_to do |format|
+      format.any { head :not_found }
+      format.html do
+        render "errors/access_denied",
+               layout: "errors",
+               status: 404,
+               locals: { message: message }
+      end
+    end
   end
 
   def git_not_found!
     render "errors/git_not_found.html", layout: "errors", status: 404
   end
 
-  def render_403(message = nil)
+  def render_403
     respond_to do |format|
       format.any { head :forbidden }
-      format.html do 
-        render "errors/access_denied", 
-               layout: "errors", 
-               status: 403,
-               locals: { message: message }
-      end
+      format.html { render "errors/access_denied", layout: "errors", status: 403 }
     end
   end
 
diff --git a/spec/controllers/concerns/controller_with_cross_project_access_check_spec.rb b/spec/controllers/concerns/controller_with_cross_project_access_check_spec.rb
index d20471ef603..27f558e1b5d 100644
--- a/spec/controllers/concerns/controller_with_cross_project_access_check_spec.rb
+++ b/spec/controllers/concerns/controller_with_cross_project_access_check_spec.rb
@@ -43,13 +43,13 @@ describe ControllerWithCrossProjectAccessCheck do
         end
       end
 
-      it 'renders a 403 with trying to access a cross project page' do
+      it 'renders a 404 with trying to access a cross project page' do
         message = "This page is unavailable because you are not allowed to read "\
                   "information across multiple projects."
 
         get :index
 
-        expect(response).to have_gitlab_http_status(403)
+        expect(response).to have_gitlab_http_status(404)
         expect(response.body).to match(/#{message}/)
       end
 
@@ -119,7 +119,7 @@ describe ControllerWithCrossProjectAccessCheck do
 
         get :index
 
-        expect(response).to have_gitlab_http_status(403)
+        expect(response).to have_gitlab_http_status(404)
       end
 
       it 'is executed when the `unless` condition returns true' do
@@ -127,19 +127,19 @@ describe ControllerWithCrossProjectAccessCheck do
 
         get :index
 
-        expect(response).to have_gitlab_http_status(403)
+        expect(response).to have_gitlab_http_status(404)
       end
 
       it 'does not skip the check on an action that is not skipped' do
         get :show, id: 'hello'
 
-        expect(response).to have_gitlab_http_status(403)
+        expect(response).to have_gitlab_http_status(404)
       end
 
       it 'does not skip the check on an action that was not defined to skip' do
         get :edit, id: 'hello'
 
-        expect(response).to have_gitlab_http_status(403)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
-- 
cgit v1.2.1