Skip to content
GitLab Next
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • GitLab GitLab
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 43,817
    • Issues 43,817
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 1,443
    • Merge requests 1,443
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages & Registries
    • Packages & Registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • GitLab.org
  • GitLabGitLab
  • Issues
  • #208397
Closed
Open
Created Feb 28, 2020 by alexgit2k@alexgit2kContributor

Unable to download Evidence collection

Summary

Downloading the Evidence collection on the Releases-page (Project overview -> Releases) leads to a "Not Found"-error.

The problem is that we require a lot of permissions to view release evidence:

    condition(:allowed_to_read_evidence) do
      can?(:read_release) &&
        can?(:download_code) &&
        can?(:read_project) &&
        can?(:read_milestone) &&
        can?(:read_issue)
    end

If the user can't view one of those, it can't download the release evidence. The easiest way to reproduce this - disable the issue tracker on the project.

Steps to reproduce

  1. Log into Gitlab
  2. Go to "Project overview" -> "Releases" of any project
  3. Click on the linked file under "Evidence collection"

What is the current bug behavior?

"Not Found"-error

What is the expected correct behavior?

Downloaded JSON-file

Relevant logs and/or screenshots

https://www.example.com/MYNAMESPACE/MYPROJECT/-/releases/MYTAG/evidence.json

Started GET "/MYNAMESPACE/MYPROJECT/-/releases/MYTAG/evidence.json" for 1.2.3.4 at 2020-02-27 17:54:23 +0100
Processing by Projects::ReleasesController#evidence as JSON
  Parameters: {"namespace_id"=>"MYNAMESPACE", "project_id"=>"MYPROJECT", "tag"=>"MYTAG"}
Filter chain halted as :authorize_read_release_evidence! rendered or redirected
Completed 404 Not Found in 15ms (ActiveRecord: 1.5ms | Elasticsearch: 0.0ms | Allocations: 9755)

Results of GitLab environment info

Expand for output related to GitLab environment info
System information
System:
Current User:   git
Using RVM:      no
Ruby Version:   2.6.5p114
Gem Version:    2.7.10
Bundler Version:1.17.3
Rake Version:   12.3.3
Redis Version:  5.0.7
Git Version:    2.24.1
Sidekiq Version:5.2.7
Go Version:     unknown

GitLab information Version: 12.8.1 Revision: d18b43a5f5a Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 11.7 Using LDAP: yes Using Omniauth: yes Omniauth Providers:

GitLab Shell Version: 11.0.0 Repository storage paths: default: /var/opt/gitlab/git-data/repositories GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Git: /opt/gitlab/embedded/bin/git

Proposed solution

Don't show release evidence link if the user has no access to view release evidence content.

Edited May 19, 2020 by Vladimir Shushlin
Assignee
Assign to
Time tracking