gitlab-org--gitlab-foss

Commit Graph

Author	SHA1	Message	Date
Sean McGivern	af6cf695c4	Add specs for a user from a group link	2016-10-28 15:11:32 +01:00
Sean McGivern	db9979bcad	Fix project member access for group links `ProjectTeam#find_member` doesn't take group links into account. It was used in two places: 1. An admin view - it can stay here. 2. `ProjectTeam#member?`, which is often used to decide if a user has access to view something. This second part broke confidential issues viewing. `IssuesFinder` ends up delegating to `Project#authorized_for_user?`, which does consider group links, so users with access to the project via a group link could see confidential issues on the index page. However, `IssuesPolicy` used `ProjectTeam#member?`, so the same user couldn't view the issue when going to it directly.	2016-10-28 09:20:55 +01:00

Author

SHA1

Message

Date

Sean McGivern

af6cf695c4

Add specs for a user from a group link

2016-10-28 15:11:32 +01:00

Sean McGivern

db9979bcad

Fix project member access for group links

`ProjectTeam#find_member` doesn't take group links into account. It was
used in two places:

1. An admin view - it can stay here.
2. `ProjectTeam#member?`, which is often used to decide if a user has
   access to view something.

This second part broke confidential issues viewing. `IssuesFinder` ends
up delegating to `Project#authorized_for_user?`, which does consider
group links, so users with access to the project via a group link could
see confidential issues on the index page. However, `IssuesPolicy` used
`ProjectTeam#member?`, so the same user couldn't view the issue when
going to it directly.

2016-10-28 09:20:55 +01:00

2 Commits