Fix missing properties in projects API for unauthenticated users
-
Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA
What does this MR do and why?
Fix missing properties in projects API for unauthenticated users;
one of them being forked_from_project
(so this MR resolves #361952)
The API response returned to unauthenticated users was based on BasicProjectDetails instead of its Projects subclass, causing properties to be missing regardless of access control
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
This should not give unauthenticated users any more access than unprivileged authenticated users; but tagging @gitlab-com/gl-security/appsec security just in case, as it now makes unauthenticated users go through a code path that was only for authenticated users so far
Screenshots or screen recordings
Before | After |
---|---|