diff options
author | drew cimino <dcimino@gitlab.com> | 2019-06-28 17:40:34 +0300 |
---|---|---|
committer | drew cimino <dcimino@gitlab.com> | 2019-07-26 18:49:16 +0300 |
commit | 70676286e05c9a8bea36919535b20a087392f137 (patch) | |
tree | 92c06035f32bab18c9985a6b5fdc3aefa3944df6 /app | |
parent | cd66293dfc46e5cd08015485e18b4770e5c89607 (diff) |
Use MergeRequest#source_project as permissions reference for MergeRequest#all_pipelines
MergeRequest#all_pipelines fetches Ci::Pipeline records from the source
project, so we should specifically check that project for permissions.
This was already happening for intra-project merge requests, but in the
event that the target and source projects both have private builds, we
should ensure that the project permissions are respected.
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/merge_requests/application_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/merge_requests_controller.rb | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/app/controllers/projects/merge_requests/application_controller.rb b/app/controllers/projects/merge_requests/application_controller.rb index dcc272aecff..006731c0e66 100644 --- a/app/controllers/projects/merge_requests/application_controller.rb +++ b/app/controllers/projects/merge_requests/application_controller.rb @@ -45,7 +45,7 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont def set_pipeline_variables @pipelines = - if can?(current_user, :read_pipeline, @project) + if can?(current_user, :read_pipeline, @merge_request.source_project) @merge_request.all_pipelines else Ci::Pipeline.none diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb index 2aa2508be16..f4d381244d9 100644 --- a/app/controllers/projects/merge_requests_controller.rb +++ b/app/controllers/projects/merge_requests_controller.rb @@ -82,7 +82,8 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo end def pipelines - @pipelines = @merge_request.all_pipelines.page(params[:page]).per(30) + set_pipeline_variables + @pipelines = @pipelines.page(params[:page]).per(30) Gitlab::PollingInterval.set_header(response, interval: 10_000) |