diff options
author | Bob Van Landuyt <bob@vanlanduyt.co> | 2017-12-11 17:21:06 +0300 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-02-22 19:11:36 +0300 |
commit | 148816cd67a314f17e79c107270cc708501bdd39 (patch) | |
tree | eba07d109322392bb5862b715adc066a0ebbdf95 /app/controllers/groups_controller.rb | |
parent | b5306075c21f5546d1447052558da6227629c15e (diff) |
Port `read_cross_project` ability from EE
Diffstat (limited to 'app/controllers/groups_controller.rb')
-rw-r--r-- | app/controllers/groups_controller.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 7d129c5dece..14b9d6c22bd 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -19,6 +19,12 @@ class GroupsController < Groups::ApplicationController before_action :user_actions, only: [:show, :subgroups] + skip_cross_project_access_check :index, :new, :create, :edit, :update, + :destroy, :projects + # When loading show as an atom feed, we render events that could leak cross + # project information + skip_cross_project_access_check :show, if: -> { request.format.html? } + layout :determine_layout def index |