ce-60465-prevent-comments-on-private-mrs.yml

Forked from GitLab.org / GitLab
Source project has a limited visibility.
  • Prevent unauthorised comments on merge requests · e640de75
    Alex Kalderimis authored
    * Prevent creating notes on inaccessible MRs
    
    This applies the notes rules at the MR scope. Rather than adding extra
    rules to the Project level policy, preventing :create_note here is
    better since it only prevents creating notes on MRs.
    
    * Prevent creating notes in inaccessible Issues
    
    Without this policy, non-team-members are allowed to comment on issues
    even when the project has the private-issues policy set. This means that
    without this change, users are allowed to comment on issues that they
    cannot read.
    
    * Add CHANGELOG entry