gitlab-org--gitlab-foss/lib
Krasimir Angelov 241ba4be79 Allow guests users to access project releases
This is step one of resolving
https://gitlab.com/gitlab-org/gitlab-ce/issues/56838.

Here is what changed:
- Revert the security fix from bdee9e8412.
- Do not leak repository information (tag name, commit) to guests in API
responses.
- Do not include links to source code in API responses for users that do
not have download_code access.
- Show Releases in sidebar for guests.
- Do not display links to source code under Assets for users that do not
have download_code access.

GET ':id/releases/:tag_name' still do not allow guests to access
releases. This is to prevent guessing tag existence.
2019-05-03 13:29:20 +00:00
..
api Allow guests users to access project releases 2019-05-03 13:29:20 +00:00
assets
backup
banzai Move scoped_label into label presenter 2019-04-23 19:58:20 +00:00
bitbucket
bitbucket_server
constraints
container_registry
declarative_policy
flowdock
generators/rails/post_deployment_migration
gitaly
gitlab Propagate excluded paths to SAST & DS jobs 2019-05-03 09:03:44 +00:00
google_api
haml_lint
json_web_token
mattermost
microsoft_teams
object_storage
omni_auth/strategies
peek Migrate correlation and tracing code to LabKit 2019-04-18 09:57:16 +02:00
quality Provide a new gitlab:seed:issues task 2019-04-23 11:43:53 +02:00
rouge
rspec_flaky
safe_zip
sentry
serializers
support
system_check Bump required Ruby version check to 2.5.3 2019-04-18 10:15:53 -07:00
tasks Provide a new gitlab:seed:issues task 2019-04-23 11:43:53 +02:00
after_commit_queue.rb
backup.rb
banzai.rb
carrier_wave_string_file.rb
declarative_policy.rb
event_filter.rb
expand_variables.rb
extracts_path.rb Validate refs used in controllers don't have spaces 2019-04-14 15:26:25 -07:00
feature.rb
file_size_validator.rb
forever.rb
gitlab.rb
gt_one_coercion.rb
milestone_array.rb
mysql_zero_date.rb
static_model.rb
system_check.rb
uploaded_file.rb
version_check.rb