Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorGitLab Release Tools Bot <robert+release-tools@gitlab.com>2019-08-26 10:43:01 +0300
committerGitLab Release Tools Bot <robert+release-tools@gitlab.com>2019-08-26 10:43:01 +0300
commit71636fed6e048b41cc595871bea412d6e75c56ea (patch)
tree39f54a2b617026c04b62a325a975e7954c8431f5 /app
parentffb237a45b3232d0deebcbfbbc5daf3515038dfd (diff)
parent0b0ee2bc9df042ba7a7d4dc9135c45170ca65c93 (diff)
Merge branch 'security-mr-head-pipeline-leak-12-1' into '12-1-stable'
Permission fix for MergeRequestsController#pipeline_status See merge request gitlab/gitlabhq!3278
Diffstat (limited to 'app')
-rw-r--r--app/controllers/projects/merge_requests_controller.rb9
1 files changed, 8 insertions, 1 deletions
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index c9a1f28f87e..a2e6f878f90 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -189,7 +189,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
def pipeline_status
render json: PipelineSerializer
.new(project: @project, current_user: @current_user)
- .represent_status(@merge_request.head_pipeline)
+ .represent_status(head_pipeline)
end
def ci_environments_status
@@ -239,6 +239,13 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
private
+ def head_pipeline
+ strong_memoize(:head_pipeline) do
+ pipeline = @merge_request.head_pipeline
+ pipeline if can?(current_user, :read_pipeline, pipeline)
+ end
+ end
+
def ci_environments_status_on_merge_result?
params[:environment_target] == 'merge_commit'
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-15 17:44:06 +0300