author | Douwe Maan <douwe@gitlab.com> | 2017-11-03 17:51:13 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2017-11-03 17:51:13 +0000 |
commit | 3971f9556d7f6fc3fcf68a8020d99033b0569604 (patch) | |
tree | 386fd60103715842086911eb402f334f84121ada /app | |
parent | 539dbef04e2111ea6e36c7392dbe634173ece55f (diff) | |
parent | 3ae5f7900cb222499948eedc982a1830a7402c3c (diff) | |
Merge branch 'issue_39176' into 'master'
Render 404 when polling commit notes without having permissions
Closes #39176
See merge request gitlab-org/gitlab-ce!15140
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/concerns/notes_actions.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/app/controllers/concerns/notes_actions.rb b/app/controllers/concerns/notes_actions.rb
index 1126f706393..fb9c942d302 100644
--- a/app/controllers/concerns/notes_actions.rb
+++ b/app/controllers/concerns/notes_actions.rb
@@ -4,6 +4,7 @@ module NotesActions
 included do
 before_action :set_polling_interval_header, only: [:index]
+ before_action :noteable, only: :index
 before_action :authorize_admin_note!, only: [:update, :destroy]
 before_action :note_project, only: [:create]
 end
@@ -188,7 +189,7 @@ module NotesActions
 end
 def noteable
- @noteable ||= notes_finder.target
+ @noteable ||= notes_finder.target || render_404
 end
 def last_fetched_at |
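Review bot: The added `before_action :noteable, only: :index` is the permission gate for polling, yet it reads like a memoizing getter called for no reason, so it needs a comment, for example `# Halts with a 404 when the noteable cannot be loaded for the current user`. It is also registered after `set_polling_interval_header`, so the polling header is presumably still set on a request that ends in 404; listing the check first would avoid that. The neighbouring filters use the array form, so `only: [:index]` would match them. The `included do` block is complete in this hunk, but the rest of `NotesActions` is not visible.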
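Review bot: `@noteable ||= notes_finder.target || render_404` turns a getter into something that renders, and when the target is missing it memoizes whatever `render_404` returns instead of a noteable. For `index` the filter chain stops after the render, but any other caller of `noteable` in this module (outside the hunk) would continue with that value, or render a second time if it is falsy. Keeping the getter as `@noteable ||= notes_finder.target` and moving the check into a dedicated filter, `def ensure_noteable!; render_404 unless noteable; end` registered with `before_action :ensure_noteable!, only: [:index]`, keeps lookup and access control separate.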