author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-01 21:28:24 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-01 21:28:24 +0300 |
commit | 47414496d427785d86832bcaca617233f904a2e0 (patch) | |
tree | 55c0e9671c5f513654fabdfc6dea1982528a5f9e /lib/api | |
parent | 6b75388b67c35271bc18f2dbd41a72accd927808 (diff) |
Add latest changes from gitlab-org/security/gitlab@15-9-stable-ee
Diffstat (limited to 'lib/api')
-rw-r--r-- | lib/api/entities/tag.rb | 8 | ||||
-rw-r--r-- | lib/api/tags.rb | 10 |
2 files changed, 15 insertions, 3 deletions
diff --git a/lib/api/entities/tag.rb b/lib/api/entities/tag.rb
index 713bae64d5c..5047258dd97 100644
--- a/lib/api/entities/tag.rb
+++ b/lib/api/entities/tag.rb
@@ -3,6 +3,8 @@
 module API
 module Entities
 class Tag < Grape::Entity
+ include RequestAwareEntity
+
 expose :name, documentation: { type: 'string', example: 'v1.0.0' }
 expose :message, documentation: { type: 'string', example: 'Release v1.0.0' }
 expose :target, documentation: { type: 'string', example: '2695effb5807a22ff3d138d593fd856244e155e7' }
@@ -12,7 +14,7 @@ module API
 end
 # rubocop: disable CodeReuse/ActiveRecord
- expose :release, using: Entities::TagRelease do |repo_tag, options|
+ expose :release, using: Entities::TagRelease, if: ->(*) { can_read_release? } do |repo_tag, options|
 options[:project].releases.find_by(tag: repo_tag.name)
 end
 # rubocop: enable CodeReuse/ActiveRecord
@@ -20,6 +22,10 @@ module API
 expose :protected, documentation: { type: 'boolean', example: true } do |repo_tag, options|
 ::ProtectedTag.protected?(options[:project], repo_tag.name)
 end
+
+ def can_read_release?
+ can?(options[:current_user], :read_release, options[:project])
+ end
 end
 end
 end
diff --git a/lib/api/tags.rb b/lib/api/tags.rb
index 4ddf22c726f..f918fb997bf 100644
--- a/lib/api/tags.rb
+++ b/lib/api/tags.rb
@@ -45,7 +45,13 @@ module API
 paginated_tags = Gitlab::Pagination::GitalyKeysetPager.new(self, user_project).paginate(tags_finder)
- present_cached paginated_tags, with: Entities::Tag, project: user_project, cache_context: -> (_tag) { user_project.cache_key }
+ present_cached paginated_tags,
+ with: Entities::Tag,
+ project: user_project,
+ current_user: current_user,
+ cache_context: -> (_tag) do
+ [user_project.cache_key, can?(current_user, :read_release, user_project)].join(':')
+ end
 rescue Gitlab::Git::InvalidPageToken => e
 unprocessable_entity!(e.message)
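Review bot: In lib/api/entities/tag.rb, `can_read_release?` depends on `options[:current_user]`, which is now an undocumented requirement on every caller that presents `Entities::Tag`. When a caller omits the option the check is evaluated with a nil user, so the release is presumably withheld wherever an anonymous user may not read it; that is a safe default, but it shows up as a silently missing `release` field rather than as an error. I would add a comment above the helper, for example `# Requires options[:current_user]; when it is absent the ability is checked for a nil (anonymous) user.`, and make sure a request spec covers a user who can read the tag but not the release (the diffstat shown here is limited to lib/api, so specs are not visible).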
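Review bot: In lib/api/tags.rb, the new `cache_context` lambda re-derives the `:read_release` decision separately from `Entities::Tag#can_read_release?`, so the cache key and the `if:` condition on `expose :release` stay aligned only by convention. If the entity's condition later takes another input, an entry cached for a user who may read releases could be served to one who may not. I would compute the value once before the call, `can_read_release = can?(current_user, :read_release, user_project)`, reference that local inside the lambda (which also avoids re-evaluating the ability if the lambda is invoked per tag), and add a comment such as `# The cache key must vary on every permission Entities::Tag checks before exposing a field.`. The enclosing route block starts and ends outside the hunk.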
@@ -68,7 +74,7 @@ module API
 tag = user_project.repository.find_tag(params[:tag_name])
 not_found!('Tag') unless tag
- present tag, with: Entities::Tag, project: user_project
+ present tag, with: Entities::Tag, project: user_project, current_user: current_user
 end
 desc 'Create a new repository tag' do |
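Review bot: Only the two `Entities::Tag` presenters visible in this diff now pass `current_user:`; the `Create a new repository tag` endpoint that begins on the last context line of this hunk, and any presenter of the entity outside lib/api/tags.rb, are not shown. Because `expose :release` is now conditional on `options[:current_user]`, a call site left unchanged would check the ability for a nil user and may drop `release` for callers who are authorised to see it. It is worth confirming that every remaining `with: Entities::Tag` call passes `current_user: current_user`, and adding a short comment next to one of them, such as `# current_user is required by Entities::Tag to decide whether to expose :release`.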