summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGELOG1
-rw-r--r--app/helpers/projects_helper.rb6
-rw-r--r--app/models/ability.rb1
3 files changed, 7 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 9fe1e8c90c7..b1d079ef207 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
Please view this file on the master branch, on stable branches it's out of date.
v 7.14.0 (unreleased)
+ - Fix label read access for unauthenticated users (Daniel Gerhardt)
- Fix OAuth provider bug where GitLab would not go return to the redirect_uri after sign-in (Stan Hu)
- Fix file upload dialog for comment editing (Daniel Gerhardt)
- Expire Rails cache entries after two weeks to prevent endless Redis growth
diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index f61baf00525..3cd52b381bd 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -131,8 +131,12 @@ module ProjectsHelper
nav_tabs << :snippets
end
+ if can?(current_user, :read_label, project)
+ nav_tabs << :labels
+ end
+
if can?(current_user, :read_milestone, project)
- nav_tabs << [:milestones, :labels]
+ nav_tabs << :milestones
end
nav_tabs.flatten
diff --git a/app/models/ability.rb b/app/models/ability.rb
index d3631d49ec6..7dab50d47d4 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -35,6 +35,7 @@ class Ability
:read_project,
:read_wiki,
:read_issue,
+ :read_label,
:read_milestone,
:read_project_snippet,
:read_project_member,
View Lorry Controller Status