Add latest changes from gitlab-org/security/gitlab@14-10-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-04-29 11:18:14 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-04-29 11:18:14 +0300
commit: deb2f3a60831afda2ad7ec144eb58aaf269abe58 (patch)
tree: 66c001da2aeba9b3e0204af1407c91994057f403 /app/controllers/projects/artifacts_controller.rb
parent: 88da5554d9626377fe7868e956a47a0498e04eb5 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/app/controllers/projects/artifacts_controller.rb b/app/controllers/projects/artifacts_controller.rb
index feed94708f6..997d321ac24 100644
--- a/app/controllers/projects/artifacts_controller.rb
+++ b/app/controllers/projects/artifacts_controller.rb
@@ -9,6 +9,7 @@ class Projects::ArtifactsController < Projects::ApplicationController
 
   layout 'project'
   before_action :authorize_read_build!
+  before_action :authorize_read_build_trace!, only: [:download]
   before_action :authorize_update_build!, only: [:keep]
   before_action :authorize_destroy_artifacts!, only: [:destroy]
   before_action :extract_ref_name_and_path
@@ -164,4 +165,10 @@ class Projects::ArtifactsController < Projects::ApplicationController
 
     render_404 unless @entry.exists?
   end
+
+  def authorize_read_build_trace!
+    return unless params[:file_type] == 'trace'
+
+    super
+  end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-04-29 11:18:14 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-04-29 11:18:14 +0300
commit	deb2f3a60831afda2ad7ec144eb58aaf269abe58 (patch)
tree	66c001da2aeba9b3e0204af1407c91994057f403 /app/controllers/projects/artifacts_controller.rb
parent	88da5554d9626377fe7868e956a47a0498e04eb5 (diff)