From 69417d36b2fa4dfbe2205c4df1428eb17ebd061e Mon Sep 17 00:00:00 2001 From: Daniel Gerhardt Date: Sun, 19 Jul 2015 20:58:59 +0200 Subject: Fix label read access for unauthenticated users The label page was added to navigation for unauthorized users because the previously used milestone read permission was still checked. This has been fixed and read access to labels is now granted (again) for public projects. This regression has been introduced in 07efb17e10fe26a01b60d8441868f9fbda0768f2 (7.12). See also 9bcd36396b9b71467f66dd4ed79ab709bb5d027a. Refs !836, !842. --- CHANGELOG | 1 + app/helpers/projects_helper.rb | 6 +++++- app/models/ability.rb | 1 + 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 9fe1e8c90c7..b1d079ef207 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 7.14.0 (unreleased) + - Fix label read access for unauthenticated users (Daniel Gerhardt) - Fix OAuth provider bug where GitLab would not go return to the redirect_uri after sign-in (Stan Hu) - Fix file upload dialog for comment editing (Daniel Gerhardt) - Expire Rails cache entries after two weeks to prevent endless Redis growth diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb index f61baf00525..3cd52b381bd 100644 --- a/app/helpers/projects_helper.rb +++ b/app/helpers/projects_helper.rb @@ -131,8 +131,12 @@ module ProjectsHelper nav_tabs << :snippets end + if can?(current_user, :read_label, project) + nav_tabs << :labels + end + if can?(current_user, :read_milestone, project) - nav_tabs << [:milestones, :labels] + nav_tabs << :milestones end nav_tabs.flatten diff --git a/app/models/ability.rb b/app/models/ability.rb index d3631d49ec6..7dab50d47d4 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -35,6 +35,7 @@ class Ability :read_project, :read_wiki, :read_issue, + :read_label, :read_milestone, :read_project_snippet, :read_project_member, -- cgit v1.2.1