GitLab steht Mittwoch, den 23. September, zwischen 10:00 und 12:00 Uhr aufgrund von Wartungsarbeiten nicht zur Verfügung.

Commit 61e8ca8c authored by Douwe Maan's avatar Douwe Maan

Don't leak private group existence by redirecting from namespace controller to group controller.

parent 2953e0d1
......@@ -31,6 +31,7 @@ v 7.10.0 (unreleased)
- Replace commits calendar with faster contribution calendar that includes issues and merge requests
- Add inifinite scroll to user page activity
- Don't show commit comment button when user is not signed in.
- Don't leak private group existence by redirecting from namespace controller to group controller.
v 7.9.0
- Send EmailsOnPush email when branch or tag is created or deleted.
......
......@@ -4,14 +4,22 @@ class NamespacesController < ApplicationController
def show
namespace = Namespace.find_by(path: params[:id])
unless namespace
return render_404
if namespace
if namespace.is_a?(Group)
group = namespace
else
user = namespace.owner
end
end
if namespace.type == "Group"
redirect_to group_path(namespace)
if user
redirect_to user_path(user)
elsif group && can?(current_user, :read_group, group)
redirect_to group_path(group)
elsif current_user.nil?
authenticate_user!
else
redirect_to user_path(namespace.owner)
render_404
end
end
end
......@@ -52,7 +52,7 @@ module Mentionable
if identifier == "all"
users.push(*project.team.members.flatten)
elsif namespace = Namespace.find_by(path: identifier)
if namespace.type == "Group"
if namespace.is_a?(Group)
users.push(*namespace.users)
else
users << namespace.owner
......
......@@ -221,7 +221,7 @@ module Gitlab
link_to("@all", namespace_project_url(project.namespace, project), options)
elsif namespace = Namespace.find_by(path: identifier)
url =
if namespace.type == "Group"
if namespace.is_a?(Group)
group_url(identifier)
else
user_url(identifier)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment