diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-29 11:18:14 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-29 11:18:14 +0300 |
commit | deb2f3a60831afda2ad7ec144eb58aaf269abe58 (patch) | |
tree | 66c001da2aeba9b3e0204af1407c91994057f403 /app/controllers/projects/artifacts_controller.rb | |
parent | 88da5554d9626377fe7868e956a47a0498e04eb5 (diff) |
Add latest changes from gitlab-org/security/gitlab@14-10-stable-ee
Diffstat (limited to 'app/controllers/projects/artifacts_controller.rb')
-rw-r--r-- | app/controllers/projects/artifacts_controller.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/app/controllers/projects/artifacts_controller.rb b/app/controllers/projects/artifacts_controller.rb index feed94708f6..997d321ac24 100644 --- a/app/controllers/projects/artifacts_controller.rb +++ b/app/controllers/projects/artifacts_controller.rb @@ -9,6 +9,7 @@ class Projects::ArtifactsController < Projects::ApplicationController layout 'project' before_action :authorize_read_build! + before_action :authorize_read_build_trace!, only: [:download] before_action :authorize_update_build!, only: [:keep] before_action :authorize_destroy_artifacts!, only: [:destroy] before_action :extract_ref_name_and_path @@ -164,4 +165,10 @@ class Projects::ArtifactsController < Projects::ApplicationController render_404 unless @entry.exists? end + + def authorize_read_build_trace! + return unless params[:file_type] == 'trace' + + super + end end |