Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers/projects/releases_controller.rb
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-01-03 00:07:38 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-01-03 00:07:38 +0300
commit9d54184f308893338967b18874dedebf38acf89e (patch)
tree100e32c6d4b34deac52d9e98a083361d89804b50 /app/controllers/projects/releases_controller.rb
parentd5b5f5e6e1474d5526add9033c9754b8e395841f (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers/projects/releases_controller.rb')
-rw-r--r--app/controllers/projects/releases_controller.rb7
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/projects/releases_controller.rb b/app/controllers/projects/releases_controller.rb
index ffe69fe97e4..d6030a9e455 100644
--- a/app/controllers/projects/releases_controller.rb
+++ b/app/controllers/projects/releases_controller.rb
@@ -10,7 +10,7 @@ class Projects::ReleasesController < Projects::ApplicationController
push_frontend_feature_flag(:release_evidence_collection, project)
end
before_action :authorize_update_release!, only: %i[edit update]
- before_action :authorize_download_code!, only: [:evidence]
+ before_action :authorize_read_release_evidence!, only: [:evidence]
def index
respond_to do |format|
@@ -47,6 +47,11 @@ class Projects::ReleasesController < Projects::ApplicationController
access_denied! unless can?(current_user, :update_release, release)
end
+ def authorize_read_release_evidence!
+ access_denied! unless Feature.enabled?(:release_evidence, project, default_enabled: true)
+ access_denied! unless can?(current_user, :read_release_evidence, release)
+ end
+
def release
@release ||= project.releases.find_by_tag!(sanitized_tag_name)
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-24 18:17:33 +0300