Provide an API to list public snippets of other users
Summary
An admin user which has created a personal access token with api, read_user and sudo scope is not allowed to get snippets from other users via Snippets API regardless of the snippet's visibility level.
Steps to reproduce
Login as non-admin user A and create a snippet. You can set the visibility as public (using visibility level internal or private will end up in the same error).
Login as admin user B and get a personal access token with all 3 scopes. Use the provided token to get the snippet that was created by A (say, this snippet has ID 1):
curl --request GET --header "PRIVATE-TOKEN: foo" http://git.your-domain.de/api/v4/snippets/1
You'll get an 404 (Not Found).
As user B create another snippet (say, this snippet has ID 2) and try to get it via Snippets API:
curl --request GET --header "PRIVATE-TOKEN: foo" http://git.your-domain.de/api/v4/snippets/2
This will return a valid JSON representation of the given snippet.
What is the current bug behavior?
see above
What is the expected correct behavior?
B should see A's snippet via Snippets API. An admin user using a personal access token with sudo scope should be able to see all snippets.
Results of GitLab environment info
Expand for output related to GitLab environment info
# gitlab-rake gitlab:env:infoSystem information System: Current User: git Using RVM: no Ruby Version: 2.3.5p376 Gem Version: 2.6.13 Bundler Version:1.13.7 Rake Version: 12.3.0 Redis Version: 3.2.11 Git Version: 2.14.3 Sidekiq Version:5.0.4 Go Version: unknown
GitLab information Version: 10.3.3 Revision: 888cf31 Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: postgresql URL: xxx HTTP Clone URL: xxx SSH Clone URL: xxx Using LDAP: yes Using Omniauth: no
GitLab Shell Version: 5.10.2 Repository storage paths:
- default: /Data/gitlab/git-data/repositories Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
Expand for output related to the GitLab application check
Does not report any problems. Everything is OK.
Possible fixes
currently no fixes available