diff options
| author | Shinya Maeda <shinya@gitlab.com> | 2017-08-30 20:40:19 +0900 |
|---|---|---|
| committer | Shinya Maeda <shinya@gitlab.com> | 2017-09-04 21:10:34 +0900 |
| commit | bb22989c388bb7322e95af72c48d8422494d96e7 (patch) | |
| tree | be950bae4c2efee6bdc59f829b3d10740f8448e3 | |
| parent | 362f2226a5febb7a3a82e86f4a83e87a870d67b3 (diff) | |
| download | gitlab-ce-bb22989c388bb7322e95af72c48d8422494d96e7.tar.gz | |
Improve def pipeline_schedule with authrozation code
| -rw-r--r-- | lib/api/pipeline_schedules.rb | 29 |
1 files changed, 13 insertions, 16 deletions
diff --git a/lib/api/pipeline_schedules.rb b/lib/api/pipeline_schedules.rb index a6414bfe3f4..51baf12e287 100644 --- a/lib/api/pipeline_schedules.rb +++ b/lib/api/pipeline_schedules.rb @@ -31,8 +31,6 @@ module API requires :pipeline_schedule_id, type: Integer, desc: 'The pipeline schedule id' end get ':id/pipeline_schedules/:pipeline_schedule_id' do - authorize! :read_pipeline_schedule, user_project - present pipeline_schedule, with: Entities::PipelineScheduleDetails end @@ -72,7 +70,6 @@ module API optional :active, type: Boolean, desc: 'The activation of pipeline schedule' end put ':id/pipeline_schedules/:pipeline_schedule_id' do - authorize! :read_pipeline_schedule, user_project authorize! :update_pipeline_schedule, pipeline_schedule if pipeline_schedule.update(declared_params(include_missing: false)) @@ -89,7 +86,6 @@ module API requires :pipeline_schedule_id, type: Integer, desc: 'The pipeline schedule id' end post ':id/pipeline_schedules/:pipeline_schedule_id/take_ownership' do - authorize! :read_pipeline_schedule, user_project authorize! :update_pipeline_schedule, pipeline_schedule if pipeline_schedule.own!(current_user) @@ -106,7 +102,6 @@ module API requires :pipeline_schedule_id, type: Integer, desc: 'The pipeline schedule id' end delete ':id/pipeline_schedules/:pipeline_schedule_id' do - authorize! :read_pipeline_schedule, user_project authorize! :admin_pipeline_schedule, pipeline_schedule destroy_conditionally!(pipeline_schedule) @@ -121,7 +116,6 @@ module API requires :value, type: String, desc: 'The value of the variable' end post ':id/pipeline_schedules/:pipeline_schedule_id/variables' do - authorize! :read_pipeline_schedule, user_project authorize! :update_pipeline_schedule, pipeline_schedule variable_params = declared_params(include_missing: false) @@ -142,7 +136,6 @@ module API optional :value, type: String, desc: 'The value of the variable' end put ':id/pipeline_schedules/:pipeline_schedule_id/variables/:key' do - authorize! :read_pipeline_schedule, user_project authorize! :update_pipeline_schedule, pipeline_schedule if pipeline_schedule_variable.update(declared_params(include_missing: false)) @@ -160,7 +153,6 @@ module API requires :key, type: String, desc: 'The key of the variable' end delete ':id/pipeline_schedules/:pipeline_schedule_id/variables/:key' do - authorize! :read_pipeline_schedule, user_project authorize! :admin_pipeline_schedule, pipeline_schedule status :accepted @@ -171,18 +163,23 @@ module API helpers do def pipeline_schedule @pipeline_schedule ||= - user_project.pipeline_schedules - .preload(:owner, :last_pipeline) - .find_by(id: params.delete(:pipeline_schedule_id)) - - @pipeline_schedule || not_found!('Pipeline Schedule') + user_project + .pipeline_schedules + .preload(:owner, :last_pipeline) + .find_by(id: params.delete(:pipeline_schedule_id)).tap do |pipeline_schedule| + unless pipeline_schedule || can?(current_user, :read_pipeline_schedule, pipeline_schedule) + not_found!('Pipeline Schedule') + end + end end def pipeline_schedule_variable @pipeline_schedule_variable ||= - pipeline_schedule.variables.find_by(key: params[:key]) - - @pipeline_schedule_variable || not_found!('Pipeline Schedule Variable') + pipeline_schedule.variables.find_by(key: params[:key]).tap do |pipeline_schedule_variable| + unless pipeline_schedule_variable + not_found!('Pipeline Schedule Variable') + end + end end end end |