Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorJohn Jarvis <jarv@gitlab.com>2019-01-01 23:38:39 +0300
committerJohn Jarvis <jarv@gitlab.com>2019-01-01 23:38:39 +0300
commit0058c97a1b564b7050e17bbf015ca2482f04657f (patch)
tree36a5ab5cde0320d2d864c39b210350a8d1fa3471 /app
parente4dabec82a8f375389b9bb52b8fe6b1ac304d74e (diff)
parent8772bdabb2f48e9868971d8349f6e36985bffec0 (diff)
Merge branch 'security-refs-available-to-project-guest' into 'master'
[master] Project guests no longer are able to see refs page See merge request gitlab/gitlabhq!2685
Diffstat (limited to 'app')
-rw-r--r--app/controllers/projects_controller.rb1
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 8bf93bfd68d..878816475b2 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -19,6 +19,7 @@ class ProjectsController < Projects::ApplicationController
before_action :lfs_blob_ids, only: [:show], if: [:repo_exists?, :project_view_files?]
before_action :project_export_enabled, only: [:export, :download_export, :remove_export, :generate_new_export]
before_action :present_project, only: [:edit]
+ before_action :authorize_download_code!, only: [:refs]
# Authorize
before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping, :download_export, :export, :remove_export, :generate_new_export]
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 23:37:32 +0300