API: fixes visibility of project hook (!3011) · Merge requests · Witrem / GitlabTest

Witrem requested to merge github/fork/Asquera/fix_access_to_nonvisible_hook into master Feb 16, 2013

Created by: justahero

An unauthorized user can access project hooks individually.

For example if access to GET /projects/:id/hooks fails and returns a 403 Unauthorized error it is still possible to access a hook directly via GET /projects/:id/hooks/:hook_id.

Fixes access, also added tests to check access and status codes of hooks.

API: fixes visibility of project hook

Merge request reports