diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-19 11:27:35 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-19 11:27:35 +0300 |
commit | 7e9c479f7de77702622631cff2628a9c8dcbc627 (patch) | |
tree | c8f718a08e110ad7e1894510980d2155a6549197 /app/finders/packages | |
parent | e852b0ae16db4052c1c567d9efa4facc81146e88 (diff) |
Add latest changes from gitlab-org/gitlab@13-6-stable-eev13.6.0-rc42
Diffstat (limited to 'app/finders/packages')
-rw-r--r-- | app/finders/packages/group_packages_finder.rb | 9 | ||||
-rw-r--r-- | app/finders/packages/npm/package_finder.rb | 2 |
2 files changed, 8 insertions, 3 deletions
diff --git a/app/finders/packages/group_packages_finder.rb b/app/finders/packages/group_packages_finder.rb index 8b948bb056d..a51057571f1 100644 --- a/app/finders/packages/group_packages_finder.rb +++ b/app/finders/packages/group_packages_finder.rb @@ -25,7 +25,7 @@ module Packages .including_build_info .including_project_route .including_tags - .for_projects(group_projects_visible_to_current_user) + .for_projects(group_projects_visible_to_current_user.select(:id)) .processed .has_version .sort_by_attribute("#{params[:order_by]}_#{params[:sort]}") @@ -36,11 +36,14 @@ module Packages end def group_projects_visible_to_current_user + # according to project_policy.rb + # access to packages is ruled by: + # - project is public or the current user has access to it with at least the reporter level + # - the repository feature is available to the current_user ::Project .in_namespace(groups) .public_or_visible_to_user(current_user, Gitlab::Access::REPORTER) - .with_project_feature - .select { |project| Ability.allowed?(current_user, :read_package, project) } + .with_feature_available_for_user(:repository, current_user) end def package_type diff --git a/app/finders/packages/npm/package_finder.rb b/app/finders/packages/npm/package_finder.rb index 8599fd07e7f..2854226e178 100644 --- a/app/finders/packages/npm/package_finder.rb +++ b/app/finders/packages/npm/package_finder.rb @@ -12,6 +12,8 @@ module Packages end def execute + return Packages::Package.none unless project + packages end |