diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-30 02:49:08 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-30 02:49:18 +0300 |
commit | 38dadcee569adfbbb1c9dc99634bba4e9a9128bc (patch) | |
tree | 32661c6c5a8585196d1c84b7f4efcdc166cb8240 /app | |
parent | 05bbfffcd3692a70849628ff36ecb8eeac4902af (diff) |
Add latest changes from gitlab-org/security/gitlab@15-9-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/services/merge_requests/push_options_handler_service.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/app/services/merge_requests/push_options_handler_service.rb b/app/services/merge_requests/push_options_handler_service.rb index 235dc6678df..e9abafceb13 100644 --- a/app/services/merge_requests/push_options_handler_service.rb +++ b/app/services/merge_requests/push_options_handler_service.rb @@ -54,7 +54,15 @@ module MergeRequests end def validate_service - errors << 'User is required' if current_user.nil? + if current_user.nil? + errors << 'User is required' + return + end + + unless current_user&.can?(:read_code, target_project) + errors << 'User access was denied' + return + end unless target_project.merge_requests_enabled? errors << "Merge requests are not enabled for project #{target_project.full_path}" |