-
Douwe Maan authored
Check permissions when sharing project with group ## Summary Unprivileged user was able to share project with group he didn't have access to, and therefore gain partial access to that group, which opened possibilities for further actions like listing private projects in that group. See https://gitlab.com/gitlab-org/gitlab-ce/issues/15330 ## Fix This change introduces additional check for group read access. ## Further work We can think about preventing such problems in the future (this is quite common problem) by moving permissions checks to another layer of abstraction (TBD). Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15330 See merge request !1949 Signed-off-by: Rémy Coutable <remy@rymai.me>
ae1e3fb8
To find the state of this project's repository at the time of any of these versions, check out
the tags.