author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-28 15:11:16 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-28 15:11:16 +0300 |
commit | 48c36378567b3dbadd780b03ecda571652cff400 (patch) | |
tree | f1d4accd3942a27e6c27a9a7f34c99d893d8794b /app | |
parent | 7b848eda5589ff5fa1bc3c6f782fc907c59a4417 (diff) |
Add latest changes from gitlab-org/security/gitlab@16-1-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/concerns/analytics/cycle_analytics/value_stream_actions.rb | 7 | ||||
-rw-r--r-- | app/helpers/users_helper.rb | 2 | ||||
-rw-r--r-- | app/policies/project_policy.rb | 2 |
3 files changed, 9 insertions, 2 deletions
diff --git a/app/controllers/concerns/analytics/cycle_analytics/value_stream_actions.rb b/app/controllers/concerns/analytics/cycle_analytics/value_stream_actions.rb
index f10b23d1664..cf0430307a3 100644
--- a/app/controllers/concerns/analytics/cycle_analytics/value_stream_actions.rb
+++ b/app/controllers/concerns/analytics/cycle_analytics/value_stream_actions.rb
@@ -7,6 +7,9 @@ module Analytics
 included do
 before_action :authorize
+ # Defining the before action here, because in the EE module we cannot define a before_action.
+ # Reason: this is a module which is being included into a controller. This module is extended in EE.
+ before_action :authorize_modification, only: %i[create destroy update] # rubocop:disable Rails/LexicallyScopedActionFilter
 end
 def index
@@ -25,6 +28,10 @@ module Analytics
 def authorize
 authorize_read_cycle_analytics!
 end
+
+ def authorize_modification
+ # no-op, overridden in EE
+ end
 end
 end
 end
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index c8002c437a9..acc7d8a5a10 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -136,7 +136,7 @@ module UsersHelper
 def confirm_user_data(user)
 message = if user.unconfirmed_email.present?
- _('This user has an unconfirmed email address (%{email}). You may force a confirmation.') % { email: user.unconfirmed_email }
+ safe_format(_('This user has an unconfirmed email address (%{email}). You may force a confirmation.'), email: user.unconfirmed_email)
 else
 _('This user has an unconfirmed email address. You may force a confirmation.')
 end
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index c70dc288710..cdb7c3eca46 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
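Review bot: In value_stream_actions.rb the new `before_action :authorize_modification, only: %i[create destroy update]` enforces nothing by itself, because the `authorize_modification` added in the second hunk is an empty method; write protection exists only where the EE override is actually mixed in. The create, update and destroy actions are not defined in the visible part of this module (hence the rubocop disable), so the arrangement may be sound, but the default fails open if the override is ever renamed or not loaded. I would spell that out on the method, e.g. `# Allows the request by default; EE must override this to check write permission for create/update/destroy.`, and pin the override with a controller spec that expects a denial for a user who only has read access. Both hunks cut through the module, so whether these methods sit under `private` is not visible here.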
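Review bot: In users_helper.rb the `safe_format` call carries no comment saying why it replaced plain `%` interpolation, and `user.unconfirmed_email` is a user-supplied value, so the reason is worth recording next to it: `# unconfirmed_email is user-controlled; safe_format escapes it before interpolation`. The two branches of `message` now differ in kind, presumably an HTML-safe string from `safe_format` and a plain string from the `else` branch, so whatever consumes `message` still has to escape the plain one. The rest of `confirm_user_data` lies outside the hunk, so that consumer is not visible here; a helper spec with markup in the email address would pin the escaping.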
@@ -670,7 +670,7 @@ class ProjectPolicy < BasePolicy
 enable :read_project_for_iids
 end
- rule { ~public_project & ~internal_access & ~project_allowed_for_job_token }.prevent_all
+ rule { ~project_allowed_for_job_token }.prevent_all
 rule { can?(:public_access) }.policy do
 enable :read_package |
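Review bot: The rewritten rule `rule { ~project_allowed_for_job_token }.prevent_all` now rests entirely on the `project_allowed_for_job_token` condition, whose definition is outside this hunk: it has to be true for every request that is not authenticated with a job token, or `prevent_all` would deny those as well. Dropping `~public_project & ~internal_access` also means a job token from a project that is not allowed loses the access that later rules such as `can?(:public_access)` grant on public and internal projects, which looks intended but is a behaviour change for CI jobs. A comment above the rule would record it, e.g. `# Job tokens from projects that are not allowed get no access, even to public or internal projects.`, and policy specs should cover a public project with both an allowed and a disallowed job token.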