diff options
| author | Kamil Trzcinski <ayufan@ayufan.eu> | 2015-10-23 11:41:22 +0200 |
|---|---|---|
| committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2015-10-23 11:45:45 +0200 |
| commit | 3adfee1c8724d56e051da21e18d83435e8b6ba31 (patch) | |
| tree | 7a6a8cfaf71679269a1c06dd7e64e706101cfa5e | |
| parent | 127836dd541ce0ecd4976d002d97b3e9e57f4947 (diff) | |
| download | gitlab-ce-3adfee1c8724d56e051da21e18d83435e8b6ba31.tar.gz | |
Allow developer to manage builds
| -rw-r--r-- | app/controllers/ci/application_controller.rb | 8 | ||||
| -rw-r--r-- | app/controllers/projects/builds_controller.rb | 8 | ||||
| -rw-r--r-- | app/controllers/projects/commit_controller.rb | 11 |
3 files changed, 17 insertions, 10 deletions
diff --git a/app/controllers/ci/application_controller.rb b/app/controllers/ci/application_controller.rb index 9be470660e6..848f2b4e314 100644 --- a/app/controllers/ci/application_controller.rb +++ b/app/controllers/ci/application_controller.rb @@ -8,14 +8,6 @@ module Ci private - def authenticate_public_page! - unless project.public - authenticate_user! - - return access_denied! unless can?(current_user, :read_project, gl_project) - end - end - def authenticate_token! unless project.valid_token?(params[:token]) return head(403) diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb index ad0adc17866..7d72e0b951b 100644 --- a/app/controllers/projects/builds_controller.rb +++ b/app/controllers/projects/builds_controller.rb @@ -2,7 +2,7 @@ class Projects::BuildsController < Projects::ApplicationController before_action :ci_project before_action :build, except: [:index, :cancel_all] - before_action :authorize_admin_project!, except: [:index, :show, :status] + before_action :authorize_manage_builds!, except: [:index, :show, :status] layout "project" @@ -74,4 +74,10 @@ class Projects::BuildsController < Projects::ApplicationController def build_path(build) namespace_project_build_path(build.gl_project.namespace, build.gl_project, build) end + + def authorize_manage_builds! + unless can?(current_user, :manage_builds, project) + return page_404 + end + end end diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb index 7886f3c6deb..878c3a66e7d 100644 --- a/app/controllers/projects/commit_controller.rb +++ b/app/controllers/projects/commit_controller.rb @@ -4,7 +4,8 @@ class Projects::CommitController < Projects::ApplicationController # Authorize before_action :require_non_empty_project - before_action :authorize_download_code! + before_action :authorize_download_code!, except: [:cancel_builds] + before_action :authorize_manage_builds!, only: [:cancel_builds] before_action :commit def show @@ -55,4 +56,12 @@ class Projects::CommitController < Projects::ApplicationController def commit @commit ||= @project.commit(params[:id]) end + + private + + def authorize_manage_builds! + unless can?(current_user, :manage_builds, project) + return page_404 + end + end end |