-
Douwe Maan authored
Check permissions when sharing project with group ## Summary Unprivileged user was able to share project with group he didn't have access to, and therefore gain partial access to that group, which opened possibilities for further actions like listing private projects in that group. See https://gitlab.com/gitlab-org/gitlab-ce/issues/15330 ## Fix This change introduces additional check for group read access. ## Further work We can think about preventing such problems in the future (this is quite common problem) by moving permissions checks to another layer of abstraction (TBD). Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15330 See merge request !1949 Signed-off-by: Rémy Coutable <remy@rymai.me>
ae1e3fb8