Ensure user is authenticated to create a new snippet (!7786) · Merge requests · GitLab.org / GitLab FOSS

username-removed-128633 requested to merge 25026-authenticate-user-for-new-snippet into master Nov 28, 2016

What does this MR do?

The included before_action :authenticate_user!, only: [:toggle_award_emoji] in the ToggleAwardEmoji concern was actually overwriting the default before_action :authenticate_user! from ApplicationController!

Fortunately we have specific permission checks for POST/PUT/DELETE actions but we should definitely audit all our code for similar issues. I think controller concerns should never set before_action that are already defined in a controller, and even less when they are restricting it with only!

Closes #25026 (closed)

Admin message

Admin message

Ensure user is authenticated to create a new snippet

What does this MR do?

Merge request reports