author | Robert Speicher <robert@gitlab.com> | 2015-12-03 23:46:55 +0000 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2015-12-03 23:46:55 +0000 |
commit | 05d5485dd4c9f8c99d52d8001e5cbc85b081429f (patch) | |
tree | 1c9eee6f221a51cbee0c0e61c84ef2c49be819bb | |
parent | bcf74d6e8c30c337f664773ec53c530b3eb0de57 (diff) | |
parent | a89d6d1428d61bd2ae6f530acfc5a34d5a9c46e8 (diff) | |
Merge branch 'new-tag-branch-authorization' into 'master'
Add authorization to new branch/tag pages.
The create actions have authorization, the new actions didn't,
so no-one unauthorized could actually do anything, but it was wrong(TM).
See merge request !1979
-rw-r--r-- | app/controllers/projects/branches_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/tags_controller.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index 3ac0a75fa70..3c2849a7601 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -3,7 +3,7 @@ class Projects::BranchesController < Projects::ApplicationController
 # Authorize
 before_action :require_non_empty_project
 before_action :authorize_download_code!
- before_action :authorize_push_code!, only: [:create, :destroy]
+ before_action :authorize_push_code!, only: [:new, :create, :destroy]
 def index
 @sort = params[:sort] || 'name'
diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index cb39c2b8782..280fe12cc7c 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -2,7 +2,7 @@ class Projects::TagsController < Projects::ApplicationController
 # Authorize
 before_action :require_non_empty_project
 before_action :authorize_download_code!
- before_action :authorize_push_code!, only: [:create]
+ before_action :authorize_push_code!, only: [:new, :create]
 before_action :authorize_admin_project!, only: [:destroy]
 def index |
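Review bot: The `only:` allowlist on `before_action :authorize_push_code!` in branches_controller.rb, and the same line in tags_controller.rb, fails open: any action left off the list is guarded only by `authorize_download_code!`, which is how `new` went unprotected until now. Consider inverting the filter so that new actions are covered by default, for example `before_action :authorize_push_code!, except: [:index]`. The exact `except:` list has to be checked against the actions each controller defines, since both class bodies continue outside these hunks and TagsController guards `destroy` with `authorize_admin_project!` instead. The diffstat also shows no spec file in this change. A controller spec asserting that `new` is refused for a user without push access, in both controllers, would pin the fix.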