diff options
| author | drew cimino <dcimino@gitlab.com> | 2019-06-28 17:40:34 +0300 |
|---|---|---|
| committer | drew cimino <dcimino@gitlab.com> | 2019-07-05 18:40:31 +0300 |
| commit | 51f506cacddcac58edfd832bf8beead3135a11b1 (patch) | |
| tree | 2ca1691dc7a46dde8393b04c357bcbc12a41a3cc /changelogs | |
| parent | 08a51a9db938bb05f9a4c999075d010079e16bad (diff) | |
Use MergeRequest#source_project as permissions reference for MergeRequest#all_pipelines
MergeRequest#all_pipelines fetches Ci::Pipeline records from the source
project, so we should specifically check that project for permissions.
This was already happening for intra-project merge requests, but in the
event that the target and source projects both have private builds, we
should ensure that the project permissions are respected.
Diffstat (limited to 'changelogs')
| -rw-r--r-- | changelogs/unreleased/security-mr-pipeline-permissions.yml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-mr-pipeline-permissions.yml b/changelogs/unreleased/security-mr-pipeline-permissions.yml new file mode 100644 index 00000000000..a317c93228c --- /dev/null +++ b/changelogs/unreleased/security-mr-pipeline-permissions.yml @@ -0,0 +1,5 @@ +--- +title: Use source project as permissions reference for MergeRequestsController#pipelines +merge_request: +author: +type: security |