Fix security issues with teams

Dmitriy Zaporozhets 2013-01-25 15:51:45 +02:00
parent 3ddd9f753c
commit 6350b32a3d
4 changed files with 16 additions and 7 deletions


@ -18,7 +18,7 @@ class DashboardController < ApplicationController
@projects
end
@teams = (UserTeam.with_member(current_user) + UserTeam.created_by(current_user)).uniq
@teams = current_user.authorized_teams
@projects = @projects.page(params[:page]).per(30)


@ -4,11 +4,9 @@ class TeamsController < ApplicationController
before_filter :authorize_manage_user_team!, only: [:edit, :update]
before_filter :authorize_admin_user_team!, only: [:destroy]
layout 'user_team', except: [:new, :create]
before_filter :user_team, except: [:new, :create]
def index
@teams = current_user.user_teams.order('name ASC')
end
layout 'user_team', except: [:new, :create]
def show
user_team
@ -83,7 +81,6 @@ class TeamsController < ApplicationController
end
def user_team
@team ||= UserTeam.find_by_path(params[:id])
@team ||= current_user.authorized_teams.find_by_path(params[:id])
end
end
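Review bot: `user_team` now returns nil both for a team that does not exist and for one the current user is not authorized for, and nothing visible in this section turns that nil into a response. The `before_filter :user_team, except: [:new, :create]` line only memoizes `@team`, so `show` and the other member actions would carry on with `@team` unset and most likely end in a NoMethodError (a 500) instead of a clean not-found. If `find_by_path` is the Rails dynamic finder, the bang form raises `ActiveRecord::RecordNotFound` and answers both cases identically: `@team ||= current_user.authorized_teams.find_by_path!(params[:id])`. The +/- markers are lost in this rendering, so this assumes the `current_user.authorized_teams` line is the new side. `authorized_teams` is defined outside this section and must return a relation, not an Array, for the chained finder to work.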