Fix mass-assignment. Dont allow users w/o access to create team

author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-01-25 15:42:41 +0200
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-01-25 15:42:41 +0200
commit: 3ddd9f753c0a6a57313ea4860bf7167f98f53cd2 (patch)
tree: a6cef7e57fde4fedcc4ced7710a1631198a2f7b0 /app/controllers/application_controller.rb
parent: 70e05801b196a460ec2b1d6f6f096f44d32b7928 (diff)
download: gitlab-ce-3ddd9f753c0a6a57313ea4860bf7167f98f53cd2.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f903c7fdd62..74125e3308a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -94,6 +94,10 @@ class ApplicationController < ActionController::Base
     return access_denied! unless can?(current_user, :download_code, project)
   end
 
+  def authorize_create_team!
+    return access_denied! unless can?(current_user, :create_team, nil)
+  end
+
   def authorize_manage_user_team!
     return access_denied! unless user_team.present? && can?(current_user, :manage_user_team, user_team)
   end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-01-25 15:42:41 +0200
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-01-25 15:42:41 +0200
commit	3ddd9f753c0a6a57313ea4860bf7167f98f53cd2 (patch)
tree	a6cef7e57fde4fedcc4ced7710a1631198a2f7b0 /app/controllers/application_controller.rb
parent	70e05801b196a460ec2b1d6f6f096f44d32b7928 (diff)
download	gitlab-ce-3ddd9f753c0a6a57313ea4860bf7167f98f53cd2.tar.gz