diff options
| author | Douwe Maan <douwe@gitlab.com> | 2015-06-18 14:43:32 +0300 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2015-06-18 14:43:32 +0300 |
| commit | 0e615a486398166956ac612e1558abd1d44e1f8f (patch) | |
| tree | b9f4ce97b1efd94acedf72732b1a5319f372d6b7 /app | |
| parent | ffe130d857dbf450d696c0341f03b413a3114d3c (diff) | |
| parent | 07efb17e10fe26a01b60d8441868f9fbda0768f2 (diff) | |
Merge branch 'fix-labels-permisssion-check' into 'master'
Fix 403 Access Denied error messages when accessing Labels section in a project
This would occur if the project's issues or merge requests features were disabled. The change in 9bcd36396b9 caused `can?(current_user, :read_merge_request, project)` to be false if the merge request feature were disabled, so `authorize_labels!` needs to be changed accordingly.
Closes #1813
See merge request !836
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/application_controller.rb | 7 | ||||
| -rw-r--r-- | app/controllers/projects/labels_controller.rb | 2 | ||||
| -rw-r--r-- | app/models/ability.rb | 1 |
3 files changed, 3 insertions, 7 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 62d46a5482e..a657d3c54ee 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -89,7 +89,7 @@ class ApplicationController < ActionController::Base end def after_sign_out_path_for(resource) - current_application_settings.after_sign_out_path || new_user_session_path + current_application_settings.after_sign_out_path || new_user_session_path end def abilities @@ -140,11 +140,6 @@ class ApplicationController < ActionController::Base return access_denied! unless can?(current_user, action, project) end - def authorize_labels! - # Labels should be accessible for issues and/or merge requests - authorize_read_issue! || authorize_read_merge_request! - end - def access_denied! render "errors/access_denied", layout: "errors", status: 404 end diff --git a/app/controllers/projects/labels_controller.rb b/app/controllers/projects/labels_controller.rb index 2f8cb203cf9..86d6e3e0f6b 100644 --- a/app/controllers/projects/labels_controller.rb +++ b/app/controllers/projects/labels_controller.rb @@ -1,7 +1,7 @@ class Projects::LabelsController < Projects::ApplicationController before_action :module_enabled before_action :label, only: [:edit, :update, :destroy] - before_action :authorize_labels! + before_action :authorize_read_label! before_action :authorize_admin_labels!, except: [:index] respond_to :js, :html diff --git a/app/models/ability.rb b/app/models/ability.rb index 4e6c60dc8ca..bcd2adee00b 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -138,6 +138,7 @@ class Ability :read_project, :read_wiki, :read_issue, + :read_label, :read_milestone, :read_project_snippet, :read_project_member, |