Commit 2e006642 authored by Sean McGivern's avatar Sean McGivern

Merge branch 'fj-fix-bug-when-user-anonymous-and-import' into 'master'

Fix bug when user anonymous and import route accessed

See merge request gitlab-org/gitlab!46215
parents eca2ef23 161c812c
...@@ -55,7 +55,7 @@ class Projects::ImportsController < Projects::ApplicationController ...@@ -55,7 +55,7 @@ class Projects::ImportsController < Projects::ApplicationController
end end
def require_namespace_project_creation_permission def require_namespace_project_creation_permission
render_404 unless current_user.can?(:admin_project, @project) || current_user.can?(:create_projects, @project.namespace) render_404 unless can?(current_user, :admin_project, @project) || can?(current_user, :create_projects, @project.namespace)
end end
def redirect_if_progress def redirect_if_progress
......
---
title: Fix bug accessing import route with no user
merge_request: 46215
author:
type: fixed
...@@ -7,10 +7,21 @@ RSpec.describe Projects::ImportsController do ...@@ -7,10 +7,21 @@ RSpec.describe Projects::ImportsController do
let(:project) { create(:project) } let(:project) { create(:project) }
before do before do
sign_in(user) sign_in(user) if user
end end
describe 'GET #show' do describe 'GET #show' do
context 'when user is not authenticated and the project is public' do
let(:user) { nil }
let(:project) { create(:project, :public) }
it 'returns 404 response' do
get :show, params: { namespace_id: project.namespace.to_param, project_id: project }
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'when the user has maintainer rights' do context 'when the user has maintainer rights' do
before do before do
project.add_maintainer(user) project.add_maintainer(user)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment