API: fixes visibility of project hook (!3011) · Merge requests · Import/Export Testing Group / gitlabhq_1614474359

Matthias Käppler requested to merge github/fork/Asquera/fix_access_to_nonvisible_hook into master Feb 16, 2013

Created by: justahero

An unauthorized user can access project hooks individually.

For example if access to GET /projects/:id/hooks fails and returns a 403 Unauthorized error it is still possible to access a hook directly via GET /projects/:id/hooks/:hook_id.

Fixes access, also added tests to check access and status codes of hooks.

Admin message

Admin message

API: fixes visibility of project hook

Merge request reports