Commit 7da454c5 authored by Giorgenes Gelatti's avatar Giorgenes Gelatti

Dont expose project_path without read_project permission

parent 861f6dcd
...@@ -886,7 +886,7 @@ module EE ...@@ -886,7 +886,7 @@ module EE
expose :created_at expose :created_at
expose :project_id, if: ->(_, opts) { opts[:group] } expose :project_id, if: ->(_, opts) { opts[:group] }
expose :project_path, if: ->(_, opts) { opts[:group] } expose :project_path, if: ->(obj, opts) { opts[:group] && Ability.allowed?(opts[:user], :read_project, obj.project) }
private private
......
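Review bot: The `:read_project` check is added only to `project_path`; `project_id` on the line above is still exposed whenever `opts[:group]` is set, so a caller without access to the project can still learn which project the record belongs to. If that is not intended, give it the same guard: `expose :project_id, if: ->(obj, opts) { opts[:group] && Ability.allowed?(opts[:user], :read_project, obj.project) }`. The new condition also depends on every caller passing `user:` in the entity options. A missing `opts[:user]` presumably evaluates as an anonymous user and hides the path, which fails closed, but a spec covering both a permitted and a non-permitted user would pin that down. The entity class begins and ends outside the hunk, so the call sites are not visible here.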