kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/app/models
History
Krasimir Angelov 241ba4be79 Allow guests users to access project releases 
This is step one of resolving
https://gitlab.com/gitlab-org/gitlab-ce/issues/56838.

Here is what changed:
- Revert the security fix from bdee9e8412.
- Do not leak repository information (tag name, commit) to guests in API
responses.
- Do not include links to source code in API responses for users that do
not have download_code access.
- Show Releases in sidebar for guests.
- Do not display links to source code under Assets for users that do not
have download_code access.

GET ':id/releases/:tag_name' still do not allow guests to access
releases. This is to prevent guessing tag existence.
 		2019-05-03 13:29:20 +00:00
..
application_setting Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
badges
blob_viewer
ci Adds a way to start multiple manual jobs in stage 2019-05-02 18:27:35 +00:00
clusters Add gitlab-managed option to clusters form 2019-05-03 01:05:53 +00:00
concerns Merge branch '9932-fix-deprecated-attribute_changed-ce' into 'master' 2019-05-02 15:54:21 +00:00
conversational_development_index Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
diff_viewer
error_tracking Align UrlValidator to validate_url gem implementation. 2019-04-11 06:29:07 +00:00
hooks Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
identity Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
issue Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
members Upgrade Rails to 5.1.6.1 2019-04-23 08:31:23 +08:00
merge_request Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
network Only allow 30 RPCs per test case to Gitaly 2019-02-22 14:51:27 +00:00
postgresql Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
project_services Update deployment chat message notification 2019-05-02 16:07:26 +00:00
protected_branch Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
protected_tag Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
releases Align UrlValidator to validate_url gem implementation. 2019-04-11 06:29:07 +00:00
serverless Add Knative metrics to Prometheus 2019-04-06 02:02:39 +00:00
storage Remove deprecated uses of attribute_changed? 2019-04-30 15:24:25 +08:00
uploads
.gitkeep
ability.rb
abuse_report.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
active_session.rb Filter active sessions belonging to an admin impersonating the user 2019-02-27 11:44:58 +01:00
appearance.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
application_record.rb Merge branch 'security-approval-race-condition' into 'master' 2019-04-25 10:39:09 +00:00
application_setting.rb Add Let's Encrypt application settings 2019-04-27 04:38:01 +00:00
application_setting_implementation.rb Allow Sentry client-side DSN to be passed on gitlab.yml 2019-05-01 15:23:11 -03:00
audit_event.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
award_emoji.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
badge.rb Align UrlValidator to validate_url gem implementation. 2019-04-11 06:29:07 +00:00
blob.rb Update comments about N + 1 Gitaly calls 2019-04-09 17:21:16 +02:00
board.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
board_group_recent_visit.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
board_project_recent_visit.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
broadcast_message.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
chat_name.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
chat_team.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
commit.rb
commit_collection.rb Backport splitting approval changes from CE 2019-04-02 11:01:07 +00:00
commit_range.rb Adds the Rubocop ReturnNil cop 2019-03-06 17:51:56 +02:00
commit_status.rb Remove deprecated uses of attribute_changed? 2019-04-30 15:24:25 +08:00
commit_status_enums.rb Create framework for build prerequisites 2019-03-20 12:04:40 +11:00
compare.rb
container_repository.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
cycle_analytics.rb
dashboard_group_milestone.rb
dashboard_milestone.rb
deploy_key.rb
deploy_keys_project.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
deploy_token.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
deployment.rb Fix deployments for Kubernetes service templates 2019-04-29 07:57:08 +10:00
diff_discussion.rb
diff_note.rb Prepare suggestion implementation for multi-line 2019-03-27 12:26:53 -03:00
directly_addressed_user.rb
discussion.rb
discussion_note.rb
email.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
environment.rb Align UrlValidator to validate_url gem implementation. 2019-04-11 06:29:07 +00:00
environment_status.rb
epic.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
event.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
event_collection.rb
external_issue.rb
fork_network.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
fork_network_member.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
generic_commit_status.rb Align UrlValidator to validate_url gem implementation. 2019-04-11 06:29:07 +00:00
global_label.rb Move scoped_label into label presenter 2019-04-23 19:58:20 +00:00
global_milestone.rb Move scoped_label into label presenter 2019-04-23 19:58:20 +00:00
gpg_key.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
gpg_key_subkey.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
gpg_signature.rb Extract a Git::{Base,Tag,Branch}HooksService 2019-04-05 18:26:53 +01:00
group.rb Upgrade Rails to 5.1.6.1 2019-04-23 08:31:23 +08:00
group_custom_attribute.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
group_label.rb
group_milestone.rb
guest.rb
identity.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
import_export_upload.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
individual_note_discussion.rb Remove reply_to_individual_notes feature flag 2019-04-03 10:00:18 +08:00
instance_configuration.rb Display maximum artifact size from runtime config 2019-04-03 21:02:11 +02:00
internal_id.rb Always use internal ID tables in development and production 2019-04-22 10:48:16 -07:00
issue.rb Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE 2019-04-09 15:38:58 +00:00
issue_assignee.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
issue_collection.rb
key.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
label.rb Move scoped_label into label presenter 2019-04-23 19:58:20 +00:00
label_link.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
label_note.rb Adds the Rubocop ReturnNil cop 2019-03-06 17:51:56 +02:00
label_priority.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
legacy_diff_discussion.rb
legacy_diff_note.rb Adds the Rubocop ReturnNil cop 2019-03-06 17:51:56 +02:00
lfs_download_object.rb
lfs_file_lock.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
lfs_object.rb Upgrade Rails to 5.1.6.1 2019-04-23 08:31:23 +08:00
lfs_objects_project.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
license_template.rb
list.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
member.rb Allow a member to have an access level equal to parent group 2019-04-30 13:31:51 -07:00
members_preloader.rb
merge_request.rb Fix environment automatic on_stop trigger 2019-04-30 21:15:39 +07:00
merge_request_assignee.rb Add multiple assignees migration and table population 2019-03-25 19:50:40 -03:00
merge_request_diff.rb Remove deprecated uses of attribute_changed? 2019-04-30 15:24:25 +08:00
merge_request_diff_commit.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
merge_request_diff_file.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
merge_requests_closing_issues.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
milestone.rb Externalize strings in app/models 2019-04-12 12:28:07 +00:00
namespace.rb Add packages_size to ProjectStatistics 2019-05-02 16:04:15 +00:00
note.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
note_diff_file.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
notification_reason.rb
notification_recipient.rb Merge branch 'security-pb-email-watchers-no-access' into 'master' 2019-04-25 10:39:07 +00:00
notification_setting.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
oauth_access_grant.rb
oauth_access_token.rb
out_of_context_discussion.rb
pages_domain.rb Merge branch '9932-fix-deprecated-attribute_changed-ce' into 'master' 2019-05-02 15:54:21 +00:00
personal_access_token.rb Added write_repository scope for personal access token 2019-04-15 13:05:55 +00:00
personal_snippet.rb
pool_repository.rb Fix wrong use of ActiveRecord in PoolRepository 2019-04-20 13:27:53 +00:00
programming_language.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
project.rb Merge branch '27777-drop-projects-ci_id-column' into 'master' 2019-05-02 16:56:48 +00:00
project_authorization.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
project_auto_devops.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
project_ci_cd_setting.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
project_custom_attribute.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
project_daily_statistic.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
project_deploy_token.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
project_feature.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
project_group_link.rb Externalize strings in app/models 2019-04-12 12:28:07 +00:00
project_import_data.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
project_import_state.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
project_label.rb
project_metrics_setting.rb Add ProjectMetricsDashboardSetting model and table 2019-04-26 17:23:26 +00:00
project_repository.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
project_snippet.rb
project_statistics.rb Add packages_size to ProjectStatistics 2019-05-02 16:04:15 +00:00
project_team.rb
project_wiki.rb Added list_pages method to avoid loading all wiki pages content 2019-04-25 04:19:07 +00:00
prometheus_metric.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
protectable_dropdown.rb
protected_branch.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
protected_tag.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
push_event.rb
push_event_payload.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
readme_blob.rb
redirect_route.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
ref_matcher.rb
release.rb Allow guests users to access project releases 2019-05-03 13:29:20 +00:00
remote_mirror.rb Remove deprecated uses of attribute_changed? 2019-04-30 15:24:25 +08:00
repository.rb Add support for two-step Gitaly Rebase RPC 2019-05-02 17:30:07 +00:00
repository_language.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
resource_label_event.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
route.rb Upgrade Rails to 5.1.6.1 2019-04-23 08:31:23 +08:00
security_event.rb
sent_notification.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
service.rb Add deployment events to chat notification services 2019-04-26 21:08:41 +00:00
shard.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
snippet.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
snippet_blob.rb
spam_log.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
ssh_host_key.rb Adds the Rubocop ReturnNil cop 2019-03-06 17:51:56 +02:00
subscription.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
suggestion.rb Prepare suggestion implementation for multi-line 2019-03-27 12:26:53 -03:00
system_note_metadata.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
term_agreement.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
timelog.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
todo.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
tree.rb
trending_project.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
u2f_registration.rb Externalize strings in app/models 2019-04-12 12:28:07 +00:00
upload.rb Externalize strings in app/models 2019-04-12 12:28:07 +00:00
user.rb Upgrade Rails to 5.1.6.1 2019-04-23 08:31:23 +08:00
user_agent_detail.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
user_callout.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
user_callout_enums.rb
user_custom_attribute.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
user_interacted_project.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
user_preference.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
user_status.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
user_synced_attributes_metadata.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
users_star_project.rb Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 16:18:23 +00:00
wiki_directory.rb
wiki_page.rb Fix grouping wiki pages by directory 2019-04-12 13:25:17 +00:00