Authorize read_pipeline before read_build

author: Matija Čupić <matteeyah@gmail.com> 2018-12-18 14:36:26 +0100
committer: Matija Čupić <matteeyah@gmail.com> 2018-12-22 12:11:36 +0100
commit: 8a36125ada579300f746e0f2207282149acdf1b3 (patch)
tree: 705ce742c19ad072722181bad4bd633bf2c79d80
parent: b19065594989d13a417660fc346f6213cd73674d (diff)
download: gitlab-ce-8a36125ada579300f746e0f2207282149acdf1b3.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb
index bd704f3bf25..e2ab60f3855 100644
--- a/lib/api/jobs.rb
+++ b/lib/api/jobs.rb
@@ -59,6 +59,7 @@ module API
       # rubocop: disable CodeReuse/ActiveRecord
       get ':id/pipelines/:pipeline_id/jobs' do
         pipeline = user_project.ci_pipelines.find(params[:pipeline_id])
+        authorize!(:read_pipeline, user_project)
         authorize!(:read_build, pipeline)
 
         builds = pipeline.builds
author	Matija Čupić <matteeyah@gmail.com>	2018-12-18 14:36:26 +0100
committer	Matija Čupić <matteeyah@gmail.com>	2018-12-22 12:11:36 +0100
commit	8a36125ada579300f746e0f2207282149acdf1b3 (patch)
tree	705ce742c19ad072722181bad4bd633bf2c79d80
parent	b19065594989d13a417660fc346f6213cd73674d (diff)
download	gitlab-ce-8a36125ada579300f746e0f2207282149acdf1b3.tar.gz