authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2014-01-24 21:29:52 +0200
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2014-01-24 21:29:52 +0200
commit237ddd60244526ab5869c78cc086cec637544399 (patch)
tree350ad3d13aeaaa11bfcf04b21403887889130fc4
parent4645f464a310d9b13620fdbc0e9a0933f427aca7 (diff)
downloadgitlab-ce-237ddd60244526ab5869c78cc086cec637544399.tar.gz
Improve authorization for new/edit blob pages
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-rw-r--r--app/controllers/projects/blob_controller.rb1
-rw-r--r--app/controllers/projects/edit_tree_controller.rb1
-rw-r--r--app/controllers/projects/new_tree_controller.rb1
-rw-r--r--app/views/projects/tree/_tree.html.haml2
4 files changed, 4 insertions, 1 deletions
diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index 2aa73471e2b..a1a8bed09f4 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -6,6 +6,7 @@ class Projects::BlobController < Projects::ApplicationController
before_filter :authorize_read_project!
before_filter :authorize_code_access!
before_filter :require_non_empty_project
+ before_filter :authorize_push!, only: [:destroy]
before_filter :blob
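Review bot: The `only: [:destroy]` allow-list on the added filter fails open: any state-changing action added to this controller later is reachable without a push check unless someone remembers to extend the list. An exclusion list keeps new actions guarded by default, e.g. `before_filter :authorize_push!, except: [:show]`, assuming `show` is the only read-only action; the class body continues outside the hunk, so that needs confirming. `authorize_push!` is defined elsewhere, so it is also worth checking that it takes the target ref into account. If it only tests a project-level push ability, a delete on a protected branch would presumably pass this filter.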
diff --git a/app/controllers/projects/edit_tree_controller.rb b/app/controllers/projects/edit_tree_controller.rb
index aa4631300e0..6bd1a455f32 100644
--- a/app/controllers/projects/edit_tree_controller.rb
+++ b/app/controllers/projects/edit_tree_controller.rb
@@ -1,6 +1,7 @@
class Projects::EditTreeController < Projects::BaseTreeController
before_filter :require_branch_head
before_filter :blob
+ before_filter :authorize_push!
def show
@last_commit = Gitlab::Git::Commit.last_for_path(@repository, @ref, @path).sha
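Review bot: `authorize_push!` is registered after `require_branch_head` and `blob`, so a user without push rights still drives the ref and blob lookups before being rejected, and whatever those filters return for a missing ref or path is served ahead of the authorization failure. Unless `authorize_push!` depends on state those filters set, declare it first, with `before_filter :authorize_push!` directly under the class line, so the denial is uniform and the ordering matches blob_controller.rb, where the check precedes `:blob`. The same ordering appears in new_tree_controller.rb, where the filter follows `require_branch_head`. The controller body continues outside the hunk, so which actions besides `show` this covers is not visible here.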
diff --git a/app/controllers/projects/new_tree_controller.rb b/app/controllers/projects/new_tree_controller.rb
index 2f3647ab071..3a51a78ef6f 100644
--- a/app/controllers/projects/new_tree_controller.rb
+++ b/app/controllers/projects/new_tree_controller.rb
@@ -1,5 +1,6 @@
class Projects::NewTreeController < Projects::BaseTreeController
before_filter :require_branch_head
+ before_filter :authorize_push!
def show
end
diff --git a/app/views/projects/tree/_tree.html.haml b/app/views/projects/tree/_tree.html.haml
index 4e80872df48..ee850e2bc1b 100644
--- a/app/views/projects/tree/_tree.html.haml
+++ b/app/views/projects/tree/_tree.html.haml
@@ -9,7 +9,7 @@
= link_to truncate(title, length: 40), project_tree_path(@project, path)
- else
= link_to title, '#'
- - if @repository.branch_names.include?(@ref)
+ - if current_user && @repository.branch_names.include?(@ref) && current_user.can?(:push_code, @project)
%li
= link_to project_new_tree_path(@project, @id), title: 'New file', id: 'new-file-link' do
%small
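Review bot: The changed `- if` line gates the "New file" link on `current_user.can?(:push_code, @project)`, while the controllers in this commit enforce `authorize_push!`, whose definition is not visible here. If the two are not built on the same ability, the link and the server-side check can disagree, showing a link that ends in a denial or hiding one that would succeed. A single helper shared by the view and the filter would keep them in step. It is also worth marking the view condition as presentation only, e.g. `-# UI hint only; access is enforced by authorize_push! in Projects::NewTreeController`, so nobody later treats the hidden link as the access control.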