Fix expose of readme_url and forks_count
What does this MR do and why?
This MR will restrict the expose of readme_url and forks_count only when the user has access to the project repository.
How to set up and validate locally
- Create a public project and change permissions to restrict repository access only to members
- Login with a user who is not a member of this project
- Run the local development server
gdk start- Verify you don't see the
readme_urlandforks_countfields in the following URLs(Replaceproject_nameandproject_id):
http://127.0.0.1:3000/api/v4/search?scope=projects&search=:project_name
http://127.0.0.1:3000/api/v4/projects/:project_id/
- Request membership for the project and accept the request by going to the admin panel
- Now visits the above links, you should be able to see the
readme_urlandforks_countfields - Visit the above links as a non-authenticated user.
- Verify you don't see the
readme_urlandforks_countfields
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #37979
Edited by Ravi Kumar