author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-30 02:49:36 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-30 02:49:49 +0300 |
commit | 56ff640a2f919e9d0e450964081381a8eccef5e4 (patch) | |
tree | 5fd092431f067f6e2d21f887efa8dd0194a89f5b /app/services/merge_requests | |
parent | 3dd03a1a19e6b788ec1296044e28f7727e5149a6 (diff) |
Add latest changes from gitlab-org/security/gitlab@15-10-stable-ee
Diffstat (limited to 'app/services/merge_requests')
-rw-r--r-- | app/services/merge_requests/push_options_handler_service.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/app/services/merge_requests/push_options_handler_service.rb b/app/services/merge_requests/push_options_handler_service.rb
index 235dc6678df..e9abafceb13 100644
--- a/app/services/merge_requests/push_options_handler_service.rb
+++ b/app/services/merge_requests/push_options_handler_service.rb
@@ -54,7 +54,15 @@ module MergeRequests
 end
 def validate_service
- errors << 'User is required' if current_user.nil?
+ if current_user.nil?
+ errors << 'User is required'
+ return
+ end
+
+ unless current_user&.can?(:read_code, target_project)
+ errors << 'User access was denied'
+ return
+ end
 unless target_project.merge_requests_enabled?
 errors << "Merge requests are not enabled for project #{target_project.full_path}" |
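Review bot: The new `:read_code` check in `validate_service` carries no comment saying it must stay ahead of the later validations, yet the very next check interpolates `target_project.full_path` into an error string that is presumably shown to the pusher. A comment such as `# Authorize first: later validations put target_project details into error messages` would keep a future reorder from exposing project details to a user without read access. The `&.` in `current_user&.can?` is redundant once the nil guard has returned; it fails closed, so it is harmless, but `current_user.can?(:read_code, target_project)` states the invariant more plainly. The body of validate_service continues outside the hunk, so whether a create-level permission on the target project is enforced further down cannot be judged from here.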