diff options
author | Fabio Pitino <fpitino@gitlab.com> | 2019-06-21 19:56:03 +0300 |
---|---|---|
committer | Fabio Pitino <fpitino@gitlab.com> | 2019-06-27 11:18:39 +0300 |
commit | c9b9ae9d79003bf3c8589fa2b71d232d3ab0d321 (patch) | |
tree | 352f8df341460e20a1dae787aef9d763449ff982 /changelogs | |
parent | 73dae02756b77e66ee66c462ab4b0efaa1ebf6ec (diff) |
Don't display badges when builds are restricted
Badges were leaked to unauthorized users even when Public Builds
project setting is disabled.
Added guard clause to the controller to check if user can read
build.
Diffstat (limited to 'changelogs')
-rw-r--r-- | changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml b/changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml new file mode 100644 index 00000000000..9526f3c559f --- /dev/null +++ b/changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml @@ -0,0 +1,5 @@ +--- +title: Show badges if pipelines are public otherwise default to project permissions. +erge_request: +author: +type: security |