Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API: fixes visibility of project hook #3011

Merged
merged 1 commit into from Feb 20, 2013
Merged

API: fixes visibility of project hook #3011

merged 1 commit into from Feb 20, 2013

Conversation

justahero
Copy link
Contributor

An unauthorized user can access project hooks individually.

For example if access to GET /projects/:id/hooks fails and returns a 403 Unauthorized error it is still possible to access a hook directly via GET /projects/:id/hooks/:hook_id.

Fixes access, also added tests to check access and status codes of hooks.

@justahero
API: fixes visibility of project hook
e9d3b96 
When a user is not authorized to see the list of hooks for a project, he is
still able to access the hooks separately. For example if access to
`GET /projects/:id/hooks` fails and returns a `403 Unauthorized` error it is
still possible to access a hook directly via `GET /projects/:id/hooks/:hook_id`.

Fixes access, also added tests to check access and status codes of hooks.
dzaporozhets added a commit that referenced this pull request Feb 20, 2013
@dzaporozhets
Merge pull request #3011 from Asquera/fix_access_to_nonvisible_hook
25e4c51 
API: fixes visibility of project hook
@dzaporozhets dzaporozhets merged commit 25e4c51 into gitlabhq:master Feb 20, 2013
@dzaporozhets
Copy link
Member

Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
API
Milestone
No milestone
2 participants
@justahero @dzaporozhets