diff options
| author | Douwe Maan <douwe@gitlab.com> | 2018-02-23 12:14:14 +0300 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2018-02-23 12:14:14 +0300 |
| commit | f4bc6ec92e2af0b6cfd64f9ff0ca683bf62820d1 (patch) | |
| tree | 9e34a9a071d0c0c5900c0ba37927de4590fa23f9 /app/controllers/groups_controller.rb | |
| parent | 0a8aebcb550b705ec5987c6f905eaf5c5abb1cc1 (diff) | |
| parent | 08266ba0a14ec296b51cda6b54d1648985a11adf (diff) | |
Merge branch 'bvl-external-auth-port' into 'master'
Port `read_cross_project` ability from EE
See merge request gitlab-org/gitlab-ce!17208
Diffstat (limited to 'app/controllers/groups_controller.rb')
| -rw-r--r-- | app/controllers/groups_controller.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 7d129c5dece..14b9d6c22bd 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -19,6 +19,12 @@ class GroupsController < Groups::ApplicationController before_action :user_actions, only: [:show, :subgroups] + skip_cross_project_access_check :index, :new, :create, :edit, :update, + :destroy, :projects + # When loading show as an atom feed, we render events that could leak cross + # project information + skip_cross_project_access_check :show, if: -> { request.format.html? } + layout :determine_layout def index |