diff options
| author | drew cimino <dcimino@gitlab.com> | 2019-06-28 10:40:34 -0400 |
|---|---|---|
| committer | drew cimino <dcimino@gitlab.com> | 2019-07-05 11:24:33 -0400 |
| commit | 019caa8de59f0ca701d4f099a4068605b17e3b93 (patch) | |
| tree | 75d68bf840dd0de0261595ddf4b64b2740de6740 /changelogs | |
| parent | 2ad75a4f96c4d377e18788966e7eefee4d78b6d2 (diff) | |
| download | gitlab-ce-019caa8de59f0ca701d4f099a4068605b17e3b93.tar.gz | |
Use MergeRequest#source_project as permissions reference for MergeRequest#all_pipelines
MergeRequest#all_pipelines fetches Ci::Pipeline records from the source
project, so we should specifically check that project for permissions.
This was already happening for intra-project merge requests, but in the
event that the target and source projects both have private builds, we
should ensure that the project permissions are respected.
Diffstat (limited to 'changelogs')
| -rw-r--r-- | changelogs/unreleased/security-mr-pipeline-permissions.yml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-mr-pipeline-permissions.yml b/changelogs/unreleased/security-mr-pipeline-permissions.yml new file mode 100644 index 00000000000..a317c93228c --- /dev/null +++ b/changelogs/unreleased/security-mr-pipeline-permissions.yml @@ -0,0 +1,5 @@ +--- +title: Use source project as permissions reference for MergeRequestsController#pipelines +merge_request: +author: +type: security |