Skip to content
Snippets Groups Projects

Allow anonymous user to access pipelines

Merged Allow anonymous user to access pipelines
fix-access-to-pipelines-for-anonymous into master
Merged Kamil Trzcińśki requested to merge fix-access-to-pipelines-for-anonymous into master

What does this MR do?

It fixes an issue where the Pipelines is shown for the Anonymous users, but they get 404 when clicked. Their session is then logged out.

Fixes #17717 (closed).

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
CHANGELOG
20 20 - Updated gitlab_git to 10.1.0
21 21 - GitAccess#protected_tag? no longer loads all tags just to check if a single one exists
22 22 - Reduce delay in destroying a project from 1-minute to immediately
23 - Fix access to Pipelines by Anonymous user
  • Tomasz Maczukin
    Tomasz Maczukin @tmaczukin ·
    Maintainer

    LGTM. We only should move CHANGELOG entry according to @grzesiek's comment

  • Grzegorz Bizon Added 1 commit:

    Added 1 commit:

    • 2fa60114 - Move Changelog for pipeline fix to valid version
  • Grzegorz Bizon Added 36 commits:

    Added 36 commits:

    • 2fa60114...b4c47368 - 34 commits from branch master
    • 479fec7b - Allow anonymous user to access pipelines
    • eac409cf - Move Changelog for pipeline fix to valid version
  • Stan Hu
    Stan Hu @stanhu ·
    Maintainer

    Will this give an anonymous user access to look at any pipeline of a private project?

    UPDATE: I think not given the read_project access is necessary, but I want to make sure we're not introducing a security issue.

    Edited by Stan Hu
  • Stan Hu
    Stan Hu @stanhu ·
    Maintainer

    /cc: @rspeicher Can you do a review of this just to make sure we're not overlooking something here?

  • Kamil Trzcińśki
    Kamil Trzcińśki @ayufan ·
    Author Maintainer

    @stanhu

    The anonymous_project_abilities are evaluated only for public projects: https://gitlab.com/gitlab-org/gitlab-ce/blob/eac409cf140aa734f3fb22bd03399b36ca584460/app/models/ability.rb#L53

  • Tomasz Maczukin mentioned in issue #17715 (closed)

    mentioned in issue #17715 (closed)

  • Grzegorz Bizon Added 1 commit:

    Added 1 commit:

    • beed747d - Fix conflicts in Changelog for registry fixes
  • Grzegorz Bizon Added 7 commits:

    Added 7 commits:

    • beed747d...243e9bc0 - 5 commits from branch master
    • cd26cfbc - Allow anonymous user to access pipelines
    • 11fa89df - Move Changelog for pipeline fix to valid version
  • Grzegorz Bizon
    Grzegorz Bizon @grzesiek ·
    Maintainer

    @stanhu Rebased.

  • Stan Hu Reassigned to @rspeicher

    Reassigned to @rspeicher

  • Robert Speicher Status changed to merged

    Status changed to merged

  • Robert Speicher mentioned in commit b0e12290

    mentioned in commit b0e12290

  • Robert Speicher mentioned in commit dbdeccdd

    mentioned in commit dbdeccdd

  • yorickpeterse-staging mentioned in issue #17731 (closed)

    mentioned in issue #17731 (closed)

  • yorickpeterse-staging Removed ~149423 label

    Removed ~149423 label

  • Robert Speicher mentioned in commit 2b7b6c23

    mentioned in commit 2b7b6c23

  • yorickpeterse-staging mentioned in commit afe67493

    mentioned in commit afe67493

  • username-removed-289790 mentioned in issue #17885 (closed)

    mentioned in issue #17885 (closed)

    • Please register or sign in to reply