
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorFelipe Artur <felipefac@gmail.com>2016-04-15 18:04:07 +0300
committerFelipe Artur <felipefac@gmail.com>2016-04-18 23:53:34 +0300
commit62f6601c598d59781137109c0eee5c5ea1792e13 (patch)
treee3169964c28e746d7491d50439258fc58af86013 /app/controllers/projects/project_members_controller.rb
parent17b60d681828567e47c8a62ef312abc46e2beeea (diff)
Show project members only for members
Diffstat (limited to 'app/controllers/projects/project_members_controller.rb')
-rw-r--r--app/controllers/projects/project_members_controller.rb7
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index e457db2f0b7..f8c9ff657df 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -1,6 +1,7 @@
class Projects::ProjectMembersController < Projects::ApplicationController
# Authorize
- before_action :authorize_admin_project_member!, except: :leave
+ before_action :authorize_admin_project_member!, except: [:leave, :index]
+ before_action :authorize_read_members_list!, only: [:index]
def index
@project_members = @project.project_members
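Review bot: The `# Authorize` comment above the two `before_action` lines no longer says which check guards which action, and the `except:` list on the first filter is now the only thing that keeps `index` out of the admin check. I would replace it with `# index is gated by authorize_read_members_list!; all other actions except leave by authorize_admin_project_member!`, so that an action later added to `except:` is not left without any member-level filter by accident. The body of `index` continues outside the hunk, so whether everything it loads beyond `@project.project_members` is meant to fall under the same permission cannot be confirmed from here.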
@@ -112,4 +113,8 @@ class Projects::ProjectMembersController < Projects::ApplicationController
def member_params
params.require(:project_member).permit(:user_id, :access_level)
end
+
+ def authorize_read_members_list!
+ render_403 unless can?(current_user, :read_members_list , @project)
+ end
end
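Review bot: `authorize_read_members_list!` is added after `member_params`, but the hunk does not show whether a `protected` or `private` marker precedes them; if none does, the new filter is a public controller method, so confirm it sits under such a marker. The call also has a stray space before the comma and should read `render_403 unless can?(current_user, :read_members_list, @project)`. The `:read_members_list` ability is defined outside this file (the diffstat shown is limited to this controller), so its result for a nil `current_user` on a public project should be checked there, as should any other entry point that renders the member list.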