author | Nick Thomas <nick@gitlab.com> | 2019-11-19 19:17:35 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2019-11-25 14:50:16 +0300 |
commit | b49d06e415a247b80cc3edd11f137c025163a31a (patch) | |
tree | baeb898a2d56e8be3c0544cfd172ae445fadcc31 /lib | |
parent | 4d477238500c347c6553d335d920bedfc5a46869 (diff) |
Check permissions before showing a forked project's source
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/entities.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 91811efacd7..dde0f291bb3 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -283,7 +283,9 @@ module API
 expose :shared_runners_enabled
 expose :lfs_enabled?, as: :lfs_enabled
 expose :creator_id
- expose :forked_from_project, using: Entities::BasicProjectDetails, if: lambda { |project, options| project.forked? }
+ expose :forked_from_project, using: Entities::BasicProjectDetails, if: ->(project, options) do
+ project.forked? && Ability.allowed?(options[:current_user], :read_project, project.forked_from_project)
+ end
 expose :import_status
 expose :import_error, if: lambda { |_project, options| options[:user_can_admin_project] } do |project| |
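Review bot: The new `if:` condition on `expose :forked_from_project` reads `options[:current_user]`, so its result depends on every caller of this entity passing the requesting user, and nothing in the hunk shows what happens when the key is absent. If `Ability.allowed?` treats a nil user as anonymous, the field fails closed, which is the safe direction, but that deserves a comment above the line such as `# Hide the fork source unless the requesting user can read it; a missing current_user is treated as anonymous.` The check also runs once per serialized project, so on list endpoints it may add a policy evaluation and a `forked_from_project` load per row unless those are preloaded elsewhere. The enclosing entity class starts and ends outside the hunk.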