diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-11-26 15:01:37 +0300 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-11-26 15:01:37 +0300 |
| commit | ddd05f245513e5a34b8db2b600dd1e628be43fd2 (patch) | |
| tree | a02f2cd26758a4743e19b9affa032d6b0de8422d /lib | |
| parent | 1a51bc936a37a1a70f43d7edf234048c7b6027f9 (diff) | |
| parent | 60aa4c9bcd008f4fcacfa23e0aa6d7ec0d8bb220 (diff) | |
Merge branch 'security-ag-cycle-analytics-guest-permissions-12-4' into '12-4-stable'
Prevent guests from seeing commits for cycle analytics
See merge request gitlab/gitlabhq!3533
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab/cycle_analytics/stage_summary.rb | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/lib/gitlab/cycle_analytics/stage_summary.rb b/lib/gitlab/cycle_analytics/stage_summary.rb index ea440c441b7..9c75d4bb455 100644 --- a/lib/gitlab/cycle_analytics/stage_summary.rb +++ b/lib/gitlab/cycle_analytics/stage_summary.rb @@ -11,13 +11,29 @@ module Gitlab end def data - [serialize(Summary::Issue.new(project: @project, from: @from, to: @to, current_user: @current_user)), - serialize(Summary::Commit.new(project: @project, from: @from, to: @to)), - serialize(Summary::Deploy.new(project: @project, from: @from, to: @to))] + summary = [issue_stats] + summary << commit_stats if user_has_sufficient_access? + summary << deploy_stats end private + def issue_stats + serialize(Summary::Issue.new(project: @project, from: @from, to: @to, current_user: @current_user)) + end + + def commit_stats + serialize(Summary::Commit.new(project: @project, from: @from, to: @to)) + end + + def deploy_stats + serialize(Summary::Deploy.new(project: @project, from: @from, to: @to)) + end + + def user_has_sufficient_access? + @project.team.member?(@current_user, Gitlab::Access::REPORTER) + end + def serialize(summary_object) AnalyticsSummarySerializer.new.represent(summary_object) end |