BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
25e4c512
Commit
25e4c512
authored
Feb 20, 2013
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #3011 from Asquera/fix_access_to_nonvisible_hook
API: fixes visibility of project hook
parents
c56d32c7
e9d3b965
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
24 additions
and
1 deletion
+24
-1
projects.rb
lib/api/projects.rb
+1
-0
projects_spec.rb
spec/requests/api/projects_spec.rb
+23
-1
No files found.
lib/api/projects.rb
View file @
25e4c512
...
...
@@ -155,6 +155,7 @@ module Gitlab
# Example Request:
# GET /projects/:id/hooks/:hook_id
get
":id/hooks/:hook_id"
do
authorize!
:admin_project
,
user_project
@hook
=
user_project
.
hooks
.
find
(
params
[
:hook_id
])
present
@hook
,
with:
Entities
::
Hook
end
...
...
spec/requests/api/projects_spec.rb
View file @
25e4c512
...
...
@@ -196,9 +196,9 @@ describe Gitlab::API do
end
describe
"GET /projects/:id/hooks"
do
context
"authorized user"
do
it
"should return project hooks"
do
get
api
(
"/projects/
#{
project
.
id
}
/hooks"
,
user
)
response
.
status
.
should
==
200
json_response
.
should
be_an
Array
...
...
@@ -207,12 +207,34 @@ describe Gitlab::API do
end
end
context
"unauthorized user"
do
it
"should not access project hooks"
do
get
api
(
"/projects/
#{
project
.
id
}
/hooks"
,
user3
)
response
.
status
.
should
==
403
end
end
end
describe
"GET /projects/:id/hooks/:hook_id"
do
context
"authorized user"
do
it
"should return a project hook"
do
get
api
(
"/projects/
#{
project
.
id
}
/hooks/
#{
hook
.
id
}
"
,
user
)
response
.
status
.
should
==
200
json_response
[
'url'
].
should
==
hook
.
url
end
it
"should return a 404 error if hook id is not available"
do
get
api
(
"/projects/
#{
project
.
id
}
/hooks/1234"
,
user
)
response
.
status
.
should
==
404
end
end
context
"unauthorized user"
do
it
"should not access an existing hook"
do
get
api
(
"/projects/
#{
project
.
id
}
/hooks/
#{
hook
.
id
}
"
,
user3
)
response
.
status
.
should
==
403
end
end
end
describe
"POST /projects/:id/hooks"
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment