WIPash.mckenzie/secret-snippets

author: Ash McKenzie <amckenzie@gitlab.com> 2018-06-10 22:56:17 +1000
committer: Ash McKenzie <amckenzie@gitlab.com> 2018-06-13 12:11:38 +1000
commit: 2f297034036055aaf37f86ece22723aedf8741bf (patch)
tree: 731fab3c82dd23d63ba9b89ad101d11e409d2fe0 /app/controllers/snippets_controller.rb
parent: f646a8b9bc95fd6cecaa754f7dd0e8370c201502 (diff)
download: gitlab-ce-ash.mckenzie/secret-snippets.tar.gz
1 files changed, 5 insertions, 5 deletions
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 3d51520ddf4..890614c0e28 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -3,6 +3,7 @@ class SnippetsController < ApplicationController
   include ToggleAwardEmoji
   include SpammableActions
   include SnippetsActions
+  include SnippetsUrl
   include RendersBlob
   include PreviewMarkdown
 
@@ -13,6 +14,9 @@ class SnippetsController < ApplicationController
   # Allow read snippet
   before_action :authorize_read_snippet!, only: [:show, :raw]
 
+  # Ensure we're displaying the correct url, specifically for secret snippets
+  before_action :ensure_complete_url, only: [:show, :raw]
+
   # Allow modify snippet
   before_action :authorize_update_snippet!, only: [:edit, :update]
 
@@ -108,11 +112,7 @@ class SnippetsController < ApplicationController
   def authorize_read_snippet!
     return if can?(current_user, :read_personal_snippet, @snippet)
 
-    if current_user
-      render_404
-    else
-      authenticate_user!
-    end
+    authorize_secret_snippet!
   end
 
   def authorize_update_snippet!
author	Ash McKenzie <amckenzie@gitlab.com>	2018-06-10 22:56:17 +1000
committer	Ash McKenzie <amckenzie@gitlab.com>	2018-06-13 12:11:38 +1000
commit	2f297034036055aaf37f86ece22723aedf8741bf (patch)
tree	731fab3c82dd23d63ba9b89ad101d11e409d2fe0 /app/controllers/snippets_controller.rb
parent	f646a8b9bc95fd6cecaa754f7dd0e8370c201502 (diff)
download	gitlab-ce-ash.mckenzie/secret-snippets.tar.gz