diff options
author | Phil Hughes <me@iamphill.com> | 2016-10-04 14:40:03 +0100 |
---|---|---|
committer | Phil Hughes <me@iamphill.com> | 2016-10-04 14:40:03 +0100 |
commit | c2602aaff3f78ad12e1cc06136a7345699951454 (patch) | |
tree | a264db7619fd8bf3186698f56eb69ac8ea5cb9d3 | |
parent | 2a6942abef10ab163a065600256cdbfa61ffdbf1 (diff) | |
download | gitlab-ce-c2602aaff3f78ad12e1cc06136a7345699951454.tar.gz |
Updated Ruby
-rw-r--r-- | app/controllers/projects/group_links_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/project_members_controller.rb | 5 |
2 files changed, 4 insertions, 3 deletions
diff --git a/app/controllers/projects/group_links_controller.rb b/app/controllers/projects/group_links_controller.rb index 7b6f07465e0..2994d8c9666 100644 --- a/app/controllers/projects/group_links_controller.rb +++ b/app/controllers/projects/group_links_controller.rb @@ -1,6 +1,7 @@ class Projects::GroupLinksController < Projects::ApplicationController layout 'project_settings' before_action :authorize_admin_project! + before_action :authorize_admin_project_member!, only: [:update] def index @group_links = project.project_group_links.all @@ -21,7 +22,6 @@ class Projects::GroupLinksController < Projects::ApplicationController def update @group_link = @project.project_group_links.find(params[:id]) - return render_403 unless can?(current_user, :admin_project_member, @project) @group_link.update_attributes(group_link_params) end diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb index eb1bf445a7d..870dc8abbd4 100644 --- a/app/controllers/projects/project_members_controller.rb +++ b/app/controllers/projects/project_members_controller.rb @@ -19,8 +19,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController @groups = @project.project_group_links.where(group_id: group_ids) end - @project_members = @project_members.order('access_level DESC') - @project_members = @project_members.page(params[:page]) + @project_members = @project_members.order(access_level: :desc).page(params[:page]) @requesters = AccessRequestsFinder.new(@project).execute(current_user) @@ -40,6 +39,8 @@ class Projects::ProjectMembersController < Projects::ApplicationController groups = Group.where(id: group_ids) groups.each do |group| + next unless can?(current_user, :read_group, group) + project.project_group_links.create( group: group, group_access: params[:access_level], |