Fix build access policies when pipelines are public (!8711) · Merge requests · GitLab.org / GitLab FOSS · GitLab

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

Grzegorz Bizon requested to merge fix/ci-build-policy into master Jan 23, 2017

What does this MR do?

This MR fixes Ci::Build policy. Case with public_builds? was already handled on the ProjectPolicy.

Before this change, it was possible to :read_build even when project was private and user was not a member of the project.

This didn't introduce security problem, because project visibility levels are being check in the parent controller.

Does this MR meet the acceptance criteria?

Changelog entry added
Tests added for this feature/bug