241ba4be79
This is step one of resolving
https://gitlab.com/gitlab-org/gitlab-ce/issues/56838.
Here is what changed:
- Revert the security fix from bdee9e8412
.
- Do not leak repository information (tag name, commit) to guests in API
responses.
- Do not include links to source code in API responses for users that do
not have download_code access.
- Show Releases in sidebar for guests.
- Do not display links to source code under Assets for users that do not
have download_code access.
GET ':id/releases/:tag_name' still do not allow guests to access
releases. This is to prevent guessing tag existence.
33 lines
887 B
JSON
33 lines
887 B
JSON
{
|
|
"type": "object",
|
|
"required": ["name", "tag_name", "commit"],
|
|
"properties": {
|
|
"name": { "type": "string" },
|
|
"tag_name": { "type": "string" },
|
|
"description": { "type": "string" },
|
|
"description_html": { "type": "string" },
|
|
"created_at": { "type": "date" },
|
|
"commit": {
|
|
"oneOf": [{ "type": "null" }, { "$ref": "commit/basic.json" }]
|
|
},
|
|
"author": {
|
|
"oneOf": [{ "type": "null" }, { "$ref": "user/basic.json" }]
|
|
},
|
|
"assets": {
|
|
"required": ["count", "links", "sources"],
|
|
"properties": {
|
|
"count": { "type": "integer" },
|
|
"links": { "$ref": "../../release/links.json" },
|
|
"sources": {
|
|
"type": "array",
|
|
"items": {
|
|
"format": "zip",
|
|
"url": "string"
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
}
|