author | Douwe Maan <douwe@gitlab.com> | 2018-06-05 18:27:00 +0300 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2018-06-05 18:27:00 +0300 |
commit | 1fd2c6460d0d8ff3167fb742b41a4b010cc7ad8b (patch) | |
tree | 14688be718b8c381398025de364c0bffb93478c8 /app/controllers | |
parent | 0a5f3aa37833fe6365fc8ab7af8912d15b4d844a (diff) | |
parent | 491e1fc905ef52dcc2e7df7deabd3c1f6e42aa52 (diff) |
Merge branch 'bvl-403-for-external-auth-service-ce' into 'master'
[CE-backport] Render a 403 when showing an access denied message
See merge request gitlab-org/gitlab-ce!19415
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/application_controller.rb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index db8a8cdc0d2..bc60a0a02e8 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -130,12 +130,17 @@ class ApplicationController < ActionController::Base
 end
 
 def access_denied!(message = nil)
+ # If we display a custom access denied message to the user, we don't want to
+ # hide existence of the resource, rather tell them they cannot access it using
+ # the provided message
+ status = message.present? ? :forbidden : :not_found
+
 respond_to do |format|
- format.any { head :not_found }
+ format.any { head status }
 format.html do
 render "errors/access_denied",
 layout: "errors",
- status: 404,
+ status: status,
 locals: { message: message }
 end
 end |
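Review bot: In `access_denied!`, the response status now depends on `message.present?`, so every caller that passes a message moves from 404 to 403 and confirms to an unauthorized user that the resource exists. The new comment explains the intent, but the obligation falls on the callers, so I would state it as a contract on the method, e.g. `# Only pass a message when revealing the resource's existence to this user is acceptable; call without one to keep the 404.` The call sites are outside this hunk, so it cannot be confirmed here that no existing caller passes a message for a resource that should stay hidden; that is worth auditing before merge. The method's closing `end` is also outside the hunk.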