authorShinya Maeda <shinya@gitlab.com>2017-06-28 21:42:13 +0900
committerShinya Maeda <shinya@gitlab.com>2017-07-05 18:38:28 +0900
commit5c91e10b9e1a3411075bd6597532be5655aa07c1 (patch)
tree19cfb80015433516e4aeba77f60437dd467eeffc
parentad30a5a9bba93dc771e70608d5afd06611437770 (diff)
zh nich catches 2
-rw-r--r--app/controllers/projects/pipeline_schedules_controller.rb4
-rw-r--r--app/policies/ci/pipeline_schedule_policy.rb6
2 files changed, 7 insertions, 3 deletions
diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb
index 9bcdfc2b510..f0ac0e7098c 100644
--- a/app/controllers/projects/pipeline_schedules_controller.rb
+++ b/app/controllers/projects/pipeline_schedules_controller.rb
@@ -1,9 +1,9 @@
class Projects::PipelineSchedulesController < Projects::ApplicationController
- before_action :schedule, only: [:edit, :update, :destroy, :take_ownership]
+ before_action :schedule, except: [:index, :new, :create]
before_action :authorize_read_pipeline_schedule!
before_action :authorize_create_pipeline_schedule!, only: [:new, :create]
- before_action :authorize_update_pipeline_schedule!, only: [:edit, :take_ownership, :update]
+ before_action :authorize_update_pipeline_schedule!, except: [:index, :new, :create]
before_action :authorize_admin_pipeline_schedule!, only: [:destroy]
def index
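Review bot: `destroy` is now subject to `authorize_update_pipeline_schedule!` as well as `authorize_admin_pipeline_schedule!`, because the new `except: [:index, :new, :create]` covers every member action, where the old `only:` list named just `edit`, `take_ownership` and `update`. If that tightening is intended, it deserves a controller spec for a destroy request by a user who passes the admin check but fails the update check, assuming the policy allows that combination. The same exclusion list is duplicated on the `schedule` filter. A comment above the filters, such as `# every action except these loads the schedule and requires update permission`, would record that new actions are meant to be authorized by default. The class body continues outside the hunk.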
diff --git a/app/policies/ci/pipeline_schedule_policy.rb b/app/policies/ci/pipeline_schedule_policy.rb
index 9945fec3aaa..0e26b6e688a 100644
--- a/app/policies/ci/pipeline_schedule_policy.rb
+++ b/app/policies/ci/pipeline_schedule_policy.rb
@@ -5,7 +5,7 @@ module Ci
def rules
super
- if owned_by_developer? && pipeline_schedule.owner != user
+ if owned_by_developer? && owned_by_another?
cannot! :update_pipeline_schedule
end
end
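Review bot: The condition `owned_by_developer? && owned_by_another?` reads as two statements about the schedule's owner, but `owned_by_developer?` (visible further down in this file) asks whether `user` is a developer on the project team. A reader auditing who may update a schedule can easily misread the rule. Either add a comment above the `if`, for example `# a developer may only update schedules they own`, or rename the first predicate so it describes the current user rather than the schedule. The enclosing class starts outside the hunk.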
@@ -15,5 +15,9 @@ module Ci
def owned_by_developer?
pipeline_schedule.project.team.developer?(user)
end
+
+ def owned_by_another?
+ !pipeline_schedule.owned_by?(user)
+ end
end
end
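Review bot: `owned_by_another?` depends on `pipeline_schedule.owned_by?`, which is not defined in this diff, so its result for a schedule without an owner or for a nil `user` cannot be confirmed from here. If `owned_by?` is a plain `owner == user` comparison, an ownerless schedule counts as owned by another and stays locked for developers, while a nil user against a nil owner would count as the owner. Add a short doc comment on `owned_by_another?` stating the intended result for those two cases, for example `# true when the schedule has no owner or its owner is not user`, and pin it with a policy spec.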