gitlab-org--gitlab-foss/app/controllers/dashboard
Robert Speicher 24f353edc4 Merge branch '17249-starred' into 'master'
Restrict starred projects to viewable ones

`User#starred_projects` doesn't perform any visibility checks. This has
a couple of problems:

1. It assumes a user can always view all of their starred projects in
   perpetuity (project not changed to private, access revoked, etc.).
2. It assumes that we'll only ever allow a user to star a project they
   can view. This is currently the case, but bugs happen.

Add `User#viewable_starred_projects` to filter the starred projects by
those the user either has explicit access to, or are public or
internal. Then use that in all places where we list the user's starred
projects.

Closes #17249.

See merge request !4108
2016-05-11 12:49:29 +00:00
| File | Last commit | Date |
| --- | --- | --- |
| application_controller.rb | Fix an issue causing the Dashboard/Milestones page to be blank | 2016-03-23 12:02:15 +01:00 |
| groups_controller.rb | Use the configured Kaminari "per page" default | 2016-03-19 17:37:54 -04:00 |
| labels_controller.rb | Add to label :id to response | 2016-05-03 11:58:43 -05:00 |
| milestones_controller.rb | Use respond_to instead of a conditional to paginate milestones | 2016-03-23 12:02:15 +01:00 |
| projects_controller.rb | Restrict starred projects to viewable ones | 2016-05-10 18:13:52 +01:00 |
| snippets_controller.rb | Use the configured Kaminari "per page" default | 2016-03-19 17:37:54 -04:00 |
| todos_controller.rb | Use the configured Kaminari "per page" default | 2016-03-19 17:37:54 -04:00 |