Prevent private snippets in public/internal projects from being leaked via API

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15580
author: Stan Hu <stanhu@gmail.com> 2016-04-24 21:45:26 -0700
committer: Stan Hu <stanhu@gmail.com> 2016-04-25 12:02:06 -0700
commit: d5267dfd0dac8e4cab4919bf8aca611de3a5497b (patch)
tree: 522d7edfaaf022e2d41cba82a76187777c9e9a2c /app/finders
parent: 81cb636e4fcb7ea76db84a92aac65a73f2376458 (diff)
download: gitlab-ce-d5267dfd0dac8e4cab4919bf8aca611de3a5497b.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/finders/snippets_finder.rb b/app/finders/snippets_finder.rb
index a41172816b8..01cbf91c658 100644
--- a/app/finders/snippets_finder.rb
+++ b/app/finders/snippets_finder.rb
@@ -51,7 +51,7 @@ class SnippetsFinder
     snippets = project.snippets.fresh
 
     if current_user
-      if project.team.member?(current_user.id)
+      if project.team.member?(current_user.id) || current_user.admin?
         snippets
       else
         snippets.public_and_internal
author	Stan Hu <stanhu@gmail.com>	2016-04-24 21:45:26 -0700
committer	Stan Hu <stanhu@gmail.com>	2016-04-25 12:02:06 -0700
commit	d5267dfd0dac8e4cab4919bf8aca611de3a5497b (patch)
tree	522d7edfaaf022e2d41cba82a76187777c9e9a2c /app/finders
parent	81cb636e4fcb7ea76db84a92aac65a73f2376458 (diff)
download	gitlab-ce-d5267dfd0dac8e4cab4919bf8aca611de3a5497b.tar.gz