author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:42:57 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:42:57 +0300 |
commit | 1fb0bae24e6686b3571fc1c44cbf239d8563e0d7 (patch) | |
tree | f2023d9164543389c3eee436de750d8a49c3a535 /lib | |
parent | 2fa10931183f6d699f77575f084770b1e4b5470d (diff) |
Add latest changes from gitlab-org/security/gitlab@16-3-stable-ee
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/projects.rb | 7 | ||||
-rw-r--r-- | lib/gitlab/pagination/gitaly_keyset_pager.rb | 6 |
2 files changed, 9 insertions, 4 deletions
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index f6a2ce0f829..6d13512aad6 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -691,6 +691,7 @@ module API
 desc 'Mark this project as forked from another' do
 success code: 201, model: Entities::Project
 failure [
+ { code: 401, message: 'Unauthorized' },
 { code: 403, message: 'Unauthenticated' },
 { code: 404, message: 'Not found' }
 ]
@@ -708,7 +709,11 @@ module API
 authorize! :fork_project, fork_from_project
- result = ::Projects::ForkService.new(fork_from_project, current_user).execute(user_project)
+ service = ::Projects::ForkService.new(fork_from_project, current_user)
+
+ unauthorized!('Target Namespace') unless service.valid_fork_target?(user_project.namespace)
+
+ result = service.execute(user_project)
 if result
 present_project user_project.reset, with: Entities::Project, current_user: current_user
diff --git a/lib/gitlab/pagination/gitaly_keyset_pager.rb b/lib/gitlab/pagination/gitaly_keyset_pager.rb
index 6235874132f..82d6fc64d89 100644
--- a/lib/gitlab/pagination/gitaly_keyset_pager.rb
+++ b/lib/gitlab/pagination/gitaly_keyset_pager.rb
@@ -15,7 +15,7 @@ module Gitlab
 # It is expected that the given finder will respond to `execute` method with `gitaly_pagination:` option
 # and supports pagination via gitaly.
 def paginate(finder)
- return finder.execute(gitaly_pagination: false) if no_pagination?
+ return finder.execute(gitaly_pagination: false) if no_pagination?(finder)
 return paginate_via_gitaly(finder) if keyset_pagination_enabled?(finder)
 return paginate_first_page_via_gitaly(finder) if paginate_first_page?(finder)
@@ -28,8 +28,8 @@ module Gitlab
 private
- def no_pagination?
- params[:pagination] == 'none'
+ def no_pagination?(finder)
+ params[:pagination] == 'none' && finder.is_a?(::Repositories::TreeFinder)
 end
 def keyset_pagination_enabled?(finder) |
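Review bot: The `valid_fork_target?(user_project.namespace)` guard in the `@@ -708,7` hunk is enforced only in this endpoint, so any other caller that passes an existing project to `Projects::ForkService#execute` would skip it unless the service repeats the check itself, which these lines do not show. Consider moving the check into `execute`, or asserting it there as well, and adding a request spec for a user who may fork the source but has no rights on the target namespace. The rejection is also sent as 401 through `unauthorized!`, although it is a permission denial for a caller who has presumably already authenticated. `forbidden!('Target Namespace')` would match the existing 403 entry and avoid prompting clients to re-authenticate, if API compatibility allows. The endpoint block starts and ends outside the hunk.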
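Review bot: The `finder.is_a?(::Repositories::TreeFinder)` test in `no_pagination?` (the `@@ -28,8` hunk) is a one-class allowlist with no comment explaining it. A later maintainer could widen or drop it without realising that it appears to be what stops `pagination=none` from returning unbounded result sets for other finders; that purpose is inferred from the change and should be confirmed. Propose adding `# Only TreeFinder may opt out of pagination; every other finder must stay bounded.` above the method. Requests that send `pagination=none` with any other finder now fall through silently to the paged paths in `paginate` (call site changed in the `@@ -15,7` hunk), so a spec asserting this for a non-tree finder would pin the behaviour. The body of `paginate` continues outside its hunk.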