Commit e80b54a5 (gitlab-foss)
Authored May 26, 2020 by GitLab Bot
Add latest changes from gitlab-org/security/gitlab@12-10-stable-ee
Parent: 65e85dd1
Showing 5 changed files with 33 additions and 3 deletions:
app/controllers/concerns/membership_actions.rb (+9 -3)
changelogs/unreleased/security-forked-from.yml (+5 -0)
lib/api/projects.rb (+2 -0)
locale/gitlab.pot (+6 -0)
spec/requests/api/projects_spec.rb (+11 -0)
app/controllers/concerns/membership_actions.rb
...
...
@@ -53,10 +53,16 @@ module MembershipActions
end
def
request_access
membershipable
.
request_access
(
current_user
)
access_requester
=
membershipable
.
request_access
(
current_user
)
redirect_to
polymorphic_path
(
membershipable
),
notice:
_
(
'Your request for access has been queued for review.'
)
if
access_requester
.
persisted?
redirect_to
polymorphic_path
(
membershipable
),
notice:
_
(
'Your request for access has been queued for review.'
)
else
redirect_to
polymorphic_path
(
membershipable
),
alert:
_
(
"Your request for access could not be processed: %{error_meesage}"
)
%
{
error_meesage:
access_requester
.
errors
.
full_messages
.
to_sentence
}
end
end
def
approve_access_request
...
...
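Review bot: In the else branch of request_access, the interpolation key is spelled error_meesage, both inside the translatable string and in the hash passed to %. The two match, so the alert renders, but the misspelling becomes part of the msgid that translators see; rename it to error_message in both places. This commit also has no spec for the new failure branch, so a controller example where access_requester.persisted? is false and the alert is asserted would be worth adding.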
changelogs/unreleased/security-forked-from.yml
0 → 100644
---
title
:
Check forked project permissions before allowing fork
merge_request
:
author
:
type
:
security
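Review bot: The title covers only the fork permission check, while the same commit also changes what request_access in app/controllers/concerns/membership_actions.rb shows the user when the access request is not persisted. If that change is user-visible on its own, give it its own changelog entry.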
lib/api/projects.rb
...
...
@@ -444,6 +444,8 @@ module API
not_found!
(
"Source Project"
)
unless
fork_from_project
authorize!
:fork_project
,
fork_from_project
result
=
::
Projects
::
ForkService
.
new
(
fork_from_project
,
current_user
).
execute
(
user_project
)
if
result
...
...
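Review bot: The authorize! :fork_project, fork_from_project call sits in the API endpoint, directly before ::Projects::ForkService.new(fork_from_project, current_user).execute(user_project), so the check protects only this route. Consider enforcing the same permission inside the service when it is handed a target project to link, so that any other caller gets the check without having to repeat it.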
locale/gitlab.pot
...
...
@@ -24201,6 +24201,9 @@ msgstr ""
msgid "Your projects"
msgstr ""
msgid "Your request for access could not be processed: %{error_meesage}"
msgstr ""
msgid "Your request for access has been queued for review."
msgstr ""
...
...
@@ -24618,6 +24621,9 @@ msgstr ""
msgid "email '%{email}' does not match the allowed domain of '%{email_domain}'"
msgstr ""
msgid "email '%{email}' is not a verified email."
msgstr ""
msgid "enabled"
msgstr ""
...
...
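Review bot: The msgid added in this hunk, "email '%{email}' is not a verified email.", is not used by any of the other four files in this commit. Confirm it belongs to this change and was not simply picked up when the file was regenerated; if it does not belong, drop it from this hunk.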
spec/requests/api/projects_spec.rb
...
...
@@ -1891,6 +1891,17 @@ describe API::Projects do
expect
(
project_fork_target
).
to
be_forked
end
it
'fails without permission from forked_from project'
do
project_fork_source
.
project_feature
.
update_attribute
(
:forking_access_level
,
ProjectFeature
::
PRIVATE
)
post
api
(
"/projects/
#{
project_fork_target
.
id
}
/fork/
#{
project_fork_source
.
id
}
"
,
user
)
expect
(
response
).
to
have_gitlab_http_status
(
:forbidden
)
expect
(
project_fork_target
.
forked_from_project
).
to
be_nil
expect
(
project_fork_target
.
fork_network_member
).
not_to
be_present
expect
(
project_fork_target
).
not_to
be_forked
end
it
'denies project to be forked from a private project'
do
post
api
(
"/projects/
#{
project_fork_target
.
id
}
/fork/
#{
private_project_fork_source
.
id
}
"
,
user
)
...
...
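Review bot: The new example 'fails without permission from forked_from project' covers only the denial path: with forking_access_level set to ProjectFeature::PRIVATE, the request made as user returns :forbidden. Add a counterpart in which a user who is allowed to fork project_fork_source under that setting makes the same request and succeeds, so the spec shows the check is a per-user permission and not a blanket refusal whenever forking is restricted.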