From 7a9764bb646d28cf3e403be6c4cfe5875b1e9a44 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 1 Jun 2022 07:28:43 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@15-0-stable-ee

---
 app/services/ci/pipeline_trigger_service.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app')

diff --git a/app/services/ci/pipeline_trigger_service.rb b/app/services/ci/pipeline_trigger_service.rb
index 06eb1aee8e6..39ac9bf33e9 100644
--- a/app/services/ci/pipeline_trigger_service.rb
+++ b/app/services/ci/pipeline_trigger_service.rb
@@ -27,6 +27,7 @@ module Ci
     def create_pipeline_from_trigger(trigger)
       # this check is to not leak the presence of the project if user cannot read it
       return unless trigger.project == project
+      return unless can?(trigger.owner, :read_project, project)
 
       response = Ci::CreatePipelineService
         .new(project, trigger.owner, ref: params[:ref], variables_attributes: variables)
-- 
cgit v1.2.3