Commit 69417d36 authored by Daniel Gerhardt's avatar Daniel Gerhardt

Fix label read access for unauthenticated users

The label page was added to navigation for unauthorized users because
the previously used milestone read permission was still checked. This
has been fixed and read access to labels is now granted (again) for
public projects.

This regression has been introduced in
07efb17e (7.12).

See also 9bcd3639.

Refs !836, !842.
parent e8aaf568
Please view this file on the master branch, on stable branches it's out of date.
v 7.14.0 (unreleased)
- Fix label read access for unauthenticated users (Daniel Gerhardt)
- Fix OAuth provider bug where GitLab would not go return to the redirect_uri after sign-in (Stan Hu)
- Fix file upload dialog for comment editing (Daniel Gerhardt)
- Expire Rails cache entries after two weeks to prevent endless Redis growth
......
......@@ -131,8 +131,12 @@ def get_project_nav_tabs(project, current_user)
nav_tabs << :snippets
end
if can?(current_user, :read_label, project)
nav_tabs << :labels
end
if can?(current_user, :read_milestone, project)
nav_tabs << [:milestones, :labels]
nav_tabs << :milestones
end
nav_tabs.flatten
......
......@@ -35,6 +35,7 @@ def not_auth_abilities(user, subject)
:read_project,
:read_wiki,
:read_issue,
:read_label,
:read_milestone,
:read_project_snippet,
:read_project_member,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment