gitlab-org--gitlab-foss/app/finders/group_finder.rb at 926ba6e5fab25a1f4aaff18ca6d2a846e502d038 - kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss - Forgejo by Causa Arcana

kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss

Sean McGivern 91f43587a8 Merge branch 'jej-group-name-disclosure' into 'security'

Prevent private group disclosure via parent_id

See merge request !2077

2017-03-29 19:18:38 -07:00

17 lines

273 B

Ruby

Raw Blame History

 class GroupFinder
   include Gitlab::Allowable
   def initialize(current_user)
     @current_user = current_user
   end
   def execute(*params)
     group = Group.find_by(*params)
     if can?(@current_user, :read_group, group)
       group
     else
       nil
     end
   end
 end