
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2021-08-03 15:02:37 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2021-08-03 15:02:37 +0300
commit70966bf1a7079852c7857d2868e14830b100a92d (patch)
tree194f657c3cadfc92906eeb0bbb1cad7d5df18e10 /app
parentb1bbcf85684cee176ed5bb7eb43dd487a75f18fa (diff)
Add latest changes from gitlab-org/security/gitlab@14-1-stable-ee
Diffstat (limited to 'app')
-rw-r--r--app/controllers/projects/pipelines_controller.rb2
-rw-r--r--app/graphql/resolvers/project_pipeline_statistics_resolver.rb4
-rw-r--r--app/policies/project_policy.rb3
3 files changed, 8 insertions, 1 deletions
diff --git a/app/controllers/projects/pipelines_controller.rb b/app/controllers/projects/pipelines_controller.rb
index 0f7dc2afd0d..ba7c86434e0 100644
--- a/app/controllers/projects/pipelines_controller.rb
+++ b/app/controllers/projects/pipelines_controller.rb
@@ -9,7 +9,7 @@ class Projects::PipelinesController < Projects::ApplicationController
before_action :set_pipeline_path, only: [:show]
before_action :authorize_read_pipeline!
before_action :authorize_read_build!, only: [:index, :show]
- before_action :authorize_read_analytics!, only: [:charts]
+ before_action :authorize_read_ci_cd_analytics!, only: [:charts]
before_action :authorize_create_pipeline!, only: [:new, :create, :config_variables]
before_action :authorize_update_pipeline!, only: [:retry, :cancel]
before_action do
diff --git a/app/graphql/resolvers/project_pipeline_statistics_resolver.rb b/app/graphql/resolvers/project_pipeline_statistics_resolver.rb
index 29ab9402f5b..79d01b9bf2e 100644
--- a/app/graphql/resolvers/project_pipeline_statistics_resolver.rb
+++ b/app/graphql/resolvers/project_pipeline_statistics_resolver.rb
@@ -2,8 +2,12 @@
module Resolvers
class ProjectPipelineStatisticsResolver < BaseResolver
+ include Gitlab::Graphql::Authorize::AuthorizeResource
type Types::Ci::AnalyticsType, null: true
+ authorizes_object!
+ authorize :read_ci_cd_analytics
+
def resolve
weekly_stats = Gitlab::Ci::Charts::WeekChart.new(object)
monthly_stats = Gitlab::Ci::Charts::MonthChart.new(object)
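Review bot: The resolver is gated on `:read_ci_cd_analytics` alone, while the controller's `charts` action also passes `before_action :authorize_read_pipeline!`, which has no `only:` and so applies to every action. The two entry points to the same statistics are therefore not guarded identically. If the policy does not already withhold `:read_ci_cd_analytics` from viewers who cannot read pipelines, that dependency belongs in the policy rather than in each caller. A comment above `authorizes_object!` would record the intent, e.g. `# Stats are aggregated over the whole project object; this object-level check is the only gate on the field.` The body of `resolve` continues outside the hunk, so any further filtering there is not visible.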
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index fc959c5c6cb..6f5bbf8c021 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -288,6 +288,7 @@ class ProjectPolicy < BasePolicy
enable :read_confidential_issues
enable :read_package
enable :read_product_analytics
+ enable :read_ci_cd_analytics
end
# We define `:public_user_access` separately because there are cases in gitlab-ee
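Review bot: Nothing next to the new `enable :read_ci_cd_analytics` here, or next to the matching line in the third hunk of this file, says what the ability protects or why it is split from `:read_analytics`. Both rule conditions sit outside the hunks, so the set of users who receive the ability cannot be confirmed from this diff. In the third hunk it is grouped with `:read_pages_content` and `:read_analytics`, which looks like a broad read block. The only `prevent` this diff adds (second hunk) sits with the other analytics prevents, so it is worth confirming that a project with restricted pipeline visibility also withholds the ability. A short comment at the first enable would help, e.g. `# read_ci_cd_analytics gates the pipeline charts page and the GraphQL pipeline statistics field`, along with policy specs covering each granting and preventing rule.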
@@ -487,6 +488,7 @@ class ProjectPolicy < BasePolicy
prevent(:read_insights)
prevent(:read_cycle_analytics)
prevent(:read_repository_graphs)
+ prevent(:read_ci_cd_analytics)
end
rule { wiki_disabled }.policy do
@@ -562,6 +564,7 @@ class ProjectPolicy < BasePolicy
enable :read_cycle_analytics
enable :read_pages_content
enable :read_analytics
+ enable :read_ci_cd_analytics
enable :read_insights
# NOTE: may be overridden by IssuePolicy