gitlab-org--gitlab-foss/spec/fixtures/api/schemas/public_api/v4/release.json
Krasimir Angelov 241ba4be79 Allow guests users to access project releases
This is step one of resolving
https://gitlab.com/gitlab-org/gitlab-ce/issues/56838.

Here is what changed:
- Revert the security fix from bdee9e8412.
- Do not leak repository information (tag name, commit) to guests in API
responses.
- Do not include links to source code in API responses for users that do
not have download_code access.
- Show Releases in sidebar for guests.
- Do not display links to source code under Assets for users that do not
have download_code access.

GET ':id/releases/:tag_name' still do not allow guests to access
releases. This is to prevent guessing tag existence.
2019-05-03 13:29:20 +00:00

33 lines
887 B
JSON

{
"type": "object",
"required": ["name", "tag_name", "commit"],
"properties": {
"name": { "type": "string" },
"tag_name": { "type": "string" },
"description": { "type": "string" },
"description_html": { "type": "string" },
"created_at": { "type": "date" },
"commit": {
"oneOf": [{ "type": "null" }, { "$ref": "commit/basic.json" }]
},
"author": {
"oneOf": [{ "type": "null" }, { "$ref": "user/basic.json" }]
},
"assets": {
"required": ["count", "links", "sources"],
"properties": {
"count": { "type": "integer" },
"links": { "$ref": "../../release/links.json" },
"sources": {
"type": "array",
"items": {
"format": "zip",
"url": "string"
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}