diff options
Diffstat (limited to 'lib/api')
| -rw-r--r-- | lib/api/api.rb | 4 | ||||
| -rw-r--r-- | lib/api/projects.rb | 6 |
2 files changed, 10 insertions, 0 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb index 0bbf73a1b63..99722a0a65c 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -73,5 +73,9 @@ module API mount ::API::Triggers mount ::API::Users mount ::API::Variables + + route :any, '*path' do + error!('404 Not Found', 404) + end end end diff --git a/lib/api/projects.rb b/lib/api/projects.rb index c24e8e8bd9b..da16e24d7ea 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -416,6 +416,12 @@ module API required_attributes! [:group_id, :group_access] attrs = attributes_for_keys [:group_id, :group_access, :expires_at] + group = Group.find_by_id(attrs[:group_id]) + + unless group && can?(current_user, :read_group, group) + not_found!('Group') + end + unless user_project.allowed_to_share_with_group? return render_api_error!("The project sharing with group is disabled", 400) end |