Commit 61e8ca8c authored by Douwe Maan's avatar Douwe Maan

Don't leak private group existence by redirecting from namespace controller to group controller.

parent 2953e0d1
......@@ -31,6 +31,7 @@ v 7.10.0 (unreleased)
- Replace commits calendar with faster contribution calendar that includes issues and merge requests
- Add inifinite scroll to user page activity
- Don't show commit comment button when user is not signed in.
- Don't leak private group existence by redirecting from namespace controller to group controller.
v 7.9.0
- Send EmailsOnPush email when branch or tag is created or deleted.
......
......@@ -4,14 +4,22 @@ class NamespacesController < ApplicationController
def show
namespace = Namespace.find_by(path: params[:id])
unless namespace
return render_404
if namespace
if namespace.is_a?(Group)
group = namespace
else
user = namespace.owner
end
end
if namespace.type == "Group"
redirect_to group_path(namespace)
if user
redirect_to user_path(user)
elsif group && can?(current_user, :read_group, group)
redirect_to group_path(group)
elsif current_user.nil?
authenticate_user!
else
redirect_to user_path(namespace.owner)
render_404
end
end
end
......@@ -52,7 +52,7 @@ def mentioned_users
if identifier == "all"
users.push(*project.team.members.flatten)
elsif namespace = Namespace.find_by(path: identifier)
if namespace.type == "Group"
if namespace.is_a?(Group)
users.push(*namespace.users)
else
users << namespace.owner
......
......@@ -221,7 +221,7 @@ def reference_user(identifier, project = @project, _ = nil)
link_to("@all", namespace_project_url(project.namespace, project), options)
elsif namespace = Namespace.find_by(path: identifier)
url =
if namespace.type == "Group"
if namespace.is_a?(Group)
group_url(identifier)
else
user_url(identifier)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment