Fix build access policies when pipelines are public
What does this MR do?
This MR fixes Ci::Build
policy. Case with public_builds?
was already handled on the ProjectPolicy
.
Before this change, it was possible to :read_build
even when project was private and user was not a member of the project.
This didn't introduce security problem, because project visibility levels are being check in the parent controller.
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Tests added for this feature/bug