diff options
| author | Dylan Griffith <dyl.griffith@gmail.com> | 2018-05-07 08:56:59 +0200 |
|---|---|---|
| committer | Dylan Griffith <dyl.griffith@gmail.com> | 2018-05-07 14:06:29 +0200 |
| commit | 131ca31b23863226e57e0e3dd2ea78f91573f631 (patch) | |
| tree | fe129527e0276c517791c43ef84c530ce999eda3 | |
| parent | 8f29d9c6eee0e2de827249d07dea644936297630 (diff) | |
| download | gitlab-ce-131ca31b23863226e57e0e3dd2ea78f91573f631.tar.gz | |
Add a comment about implementing proper policies for group runner permissions
| -rw-r--r-- | app/controllers/groups/runners_controller.rb | 3 | ||||
| -rw-r--r-- | app/views/groups/runners/_group_runners.html.haml | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb index 152966e0fbc..c09ae335882 100644 --- a/app/controllers/groups/runners_controller.rb +++ b/app/controllers/groups/runners_controller.rb @@ -1,5 +1,8 @@ class Groups::RunnersController < Groups::ApplicationController + # Proper policies should be implemented per + # https://gitlab.com/gitlab-org/gitlab-ce/issues/45894 before_action :authorize_admin_pipeline! + before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show] def show diff --git a/app/views/groups/runners/_group_runners.html.haml b/app/views/groups/runners/_group_runners.html.haml index d1616b537f9..f0e8735b54e 100644 --- a/app/views/groups/runners/_group_runners.html.haml +++ b/app/views/groups/runners/_group_runners.html.haml @@ -4,6 +4,8 @@ GitLab Group Runners can execute code for all the projects in this group. They can be managed using the #{link_to 'Runners API', help_page_path('api/runners.md')}. +-# Proper policies should be implemented per +-# https://gitlab.com/gitlab-org/gitlab-ce/issues/45894 - if can?(current_user, :admin_pipeline, @group) = render partial: 'ci/runner/how_to_setup_runner', locals: { registration_token: @group.runners_token, type: 'group' } |