From 42c5548470596a37ed1a071e3bb72af2c9c35c0e Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Wed, 27 Jul 2022 19:03:37 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@15-0-stable-ee
---
 app/controllers/autocomplete_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'app/controllers/autocomplete_controller.rb')
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index f84d2ed320d..22d7ccbd069 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -5,6 +5,7 @@ class AutocompleteController < ApplicationController
 skip_before_action :authenticate_user!, only: [:users, :award_emojis, :merge_request_target_branches]
 before_action :check_search_rate_limit!, only: [:users, :projects]
+ before_action :authorize_admin_project, only: :deploy_keys_with_owners
 feature_category :users, [:users, :user]
 feature_category :projects, [:projects]
@@ -67,6 +68,10 @@ class AutocompleteController < ApplicationController
 private
+ def authorize_admin_project
+ render_403 unless Ability.allowed?(current_user, :admin_project, project)
+ end
+
 def project
 @project ||= Autocomplete::ProjectFinder
 .new(current_user, params)
-- 
cgit v1.2.1
From 9f8db4b0e551fe6c658b89c98db8e408e709aad6 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Wed, 27 Jul 2022 19:06:03 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@15-0-stable-ee
---
 app/controllers/autocomplete_controller.rb | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'app/controllers/autocomplete_controller.rb')
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index 22d7ccbd069..f84d2ed320d 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -5,7 +5,6 @@ class AutocompleteController < ApplicationController
 skip_before_action :authenticate_user!, only: [:users, :award_emojis, :merge_request_target_branches]
 before_action :check_search_rate_limit!, only: [:users, :projects]
- before_action :authorize_admin_project, only: :deploy_keys_with_owners
 feature_category :users, [:users, :user]
 feature_category :projects, [:projects]
@@ -68,10 +67,6 @@ class AutocompleteController < ApplicationController
 private
- def authorize_admin_project
- render_403 unless Ability.allowed?(current_user, :admin_project, project)
- end
-
 def project
 @project ||= Autocomplete::ProjectFinder
 .new(current_user, params)
-- 
cgit v1.2.1
From f415ebdb978c4eb976d07664219c788918120d59 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Thu, 28 Jul 2022 08:36:01 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@15-0-stable-ee
---
 app/controllers/autocomplete_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'app/controllers/autocomplete_controller.rb')
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index f84d2ed320d..22d7ccbd069 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -5,6 +5,7 @@ class AutocompleteController < ApplicationController
 skip_before_action :authenticate_user!, only: [:users, :award_emojis, :merge_request_target_branches]
 before_action :check_search_rate_limit!, only: [:users, :projects]
+ before_action :authorize_admin_project, only: :deploy_keys_with_owners
 feature_category :users, [:users, :user]
 feature_category :projects, [:projects]
@@ -67,6 +68,10 @@ class AutocompleteController < ApplicationController
 private
+ def authorize_admin_project
+ render_403 unless Ability.allowed?(current_user, :admin_project, project)
+ end
+
 def project
 @project ||= Autocomplete::ProjectFinder
 .new(current_user, params)
-- 
cgit v1.2.1
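Review bot: The new filter in the first hunk of f415ebdb is attached with an `only:` allowlist and carries no comment saying why `deploy_keys_with_owners` needs `:admin_project`, so a later action in this controller that returns project-scoped data gets no authorization check unless someone remembers to extend the list. A one-line comment above it, for example `# Only project admins may list deploy keys together with their owners.`, would make the requirement visible to whoever adds the next action. The filter name also lacks the trailing `!` that the other halting filters in the same hunk use (`authenticate_user!`, `check_search_rate_limit!`); `authorize_admin_project!` would match them. The identical hunk in 42c55484 earlier on this page has the same points.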
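Review bot: In the second hunk of f415ebdb, `authorize_admin_project` does not handle a missing project itself: if `project` returns nil (for instance when the request names no project), the decision is left to how `Ability.allowed?` treats a nil subject. That presumably denies and so fails closed, but stating it in the guard keeps the filter safe if that behaviour ever changes: `render_403 unless project && Ability.allowed?(current_user, :admin_project, project)`. The action should also use the same memoized `project` that the filter checked rather than resolving one from `params` again; the body of `project` and the action itself lie outside the hunk, so neither can be confirmed from here. The identical hunk in 42c55484 is affected the same way.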