Commit de1fc6f1 authored by Dmitry Gruzd's avatar Dmitry Gruzd Committed by Mark Chao

Fix global anonymous searches restriction

parent 6adff1dd
...@@ -150,7 +150,7 @@ class SearchController < ApplicationController ...@@ -150,7 +150,7 @@ class SearchController < ApplicationController
end end
def block_anonymous_global_searches def block_anonymous_global_searches
return if params[:project_id].present? || params[:group_id].present? return unless search_service.global_search?
return if current_user return if current_user
return unless ::Feature.enabled?(:block_anonymous_global_searches, type: :ops) return unless ::Feature.enabled?(:block_anonymous_global_searches, type: :ops)
...@@ -160,7 +160,7 @@ class SearchController < ApplicationController ...@@ -160,7 +160,7 @@ class SearchController < ApplicationController
end end
def check_scope_global_search_enabled def check_scope_global_search_enabled
return if params[:project_id].present? || params[:group_id].present? return unless search_service.global_search?
search_allowed = case params[:scope] search_allowed = case params[:scope]
when 'blobs' when 'blobs'
......
...@@ -45,6 +45,10 @@ class SearchService ...@@ -45,6 +45,10 @@ class SearchService
# overridden in EE # overridden in EE
end end
def global_search?
project.blank? && group.blank?
end
def show_snippets? def show_snippets?
return @show_snippets if defined?(@show_snippets) return @show_snippets if defined?(@show_snippets)
......
...@@ -172,6 +172,12 @@ RSpec.describe SearchController do ...@@ -172,6 +172,12 @@ RSpec.describe SearchController do
expect(response).to redirect_to new_user_session_path expect(response).to redirect_to new_user_session_path
end end
it 'redirects to login page when trying to circumvent the restriction' do
get :show, params: { scope: 'projects', project_id: non_existing_record_id, search: '*' }
expect(response).to redirect_to new_user_session_path
end
end end
context 'for authenticated user' do context 'for authenticated user' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment