Commit 3ae5f790 in nexedi / gitlab-ce, authored 7 years ago by Felipe Artur
Render 404 when polling commit notes without having permissions
parent bfb5107a
Showing 3 changed files with 20 additions and 1 deletion (+20 -1)
app/controllers/concerns/notes_actions.rb +2 -1
changelogs/unreleased/issue_39176.yml +5 -0
spec/controllers/projects/notes_controller_spec.rb +13 -0
app/controllers/concerns/notes_actions.rb
...
...
@@ -4,6 +4,7 @@ module NotesActions
included
do
before_action
:set_polling_interval_header
,
only:
[
:index
]
before_action
:noteable
,
only: :index
before_action
:authorize_admin_note!
,
only:
[
:update
,
:destroy
]
before_action
:note_project
,
only:
[
:create
]
end
...
...
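Review bot: The `before_action :noteable, only: :index` filter uses a memoizing getter as the permission gate, so nothing in this `included do` block tells a reader that it can end the request with a 404. A filter whose name states the intent (for example a hypothetical `authorize_read_noteable!`) would make the access check visible alongside `:authorize_admin_note!`. It is also registered after `:set_polling_interval_header`, so that filter still runs on a request that ends in 404; listing the permission check first avoids that. Minor style point: the neighbouring filters write `only: [:index]` with an array, this one writes `only: :index`.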
@@ -188,7 +189,7 @@ module NotesActions
end
def
noteable
@noteable
||=
notes_finder
.
target
@noteable
||=
notes_finder
.
target
||
render_404
end
def
last_fetched_at
...
...
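Review bot: In `noteable`, the line `@noteable ||= notes_finder.target || render_404` makes a getter render a response. When `notes_finder.target` is nil, the return value of `render_404` is what gets assigned to `@noteable`, and any caller of `noteable` outside the `:index` filter would trigger a render as a side effect, possibly after the action has already started building its own response. Keep the getter as `@noteable ||= notes_finder.target` and put `render_404 unless noteable` in a dedicated filter method. A short comment stating that the 404 depends on `notes_finder.target` returning nil for a user without access would also help, since that behaviour is not visible in this file.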
changelogs/unreleased/issue_39176.yml
0 → 100644
---
title
:
Render 404 when polling commit notes without having permissions
merge_request
:
author
:
type
:
fixed
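Review bot: `merge_request` and `author` are left empty in this changelog entry. Fill in `merge_request` with the merge request number once it exists so the entry can be traced back to the change and its review.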
spec/controllers/projects/notes_controller_spec.rb
...
...
@@ -105,6 +105,19 @@ describe Projects::NotesController do
expect
(
note_json
[
:discussion_html
]).
to
be_nil
expect
(
note_json
[
:diff_discussion_html
]).
to
be_nil
end
context
'when user cannot read commit'
do
before
do
allow
(
Ability
).
to
receive
(
:allowed?
).
and_call_original
allow
(
Ability
).
to
receive
(
:allowed?
).
with
(
user
,
:download_code
,
project
).
and_return
(
false
)
end
it
'renders 404'
do
get
:index
,
params
expect
(
response
).
to
have_gitlab_http_status
(
404
)
end
end
end
end
...
...
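Review bot: The 'renders 404' example asserts only `have_gitlab_http_status(404)`, so it would still pass if note data were serialized before the status was set; also assert that the response carries no notes. The stub denies only `:download_code` on `project`, which pins the behaviour to that single ability without saying why it governs reading commit notes, so a one-line comment would help the next reader. Since `noteable` now renders 404 for any nil `notes_finder.target`, consider a second example where the target does not exist at all, to confirm both cases look the same to the client.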