Fix project pages for authorized user

2 files changed, 5 insertions, 4 deletions

diff --git a/app/controllers/ci/application_controller.rb b/app/controllers/ci/application_controller.rb
index e5c99066a68..9a32efaee7d 100644
--- a/app/controllers/ci/application_controller.rb
+++ b/app/controllers/ci/application_controller.rb
@@ -8,7 +8,6 @@ module Ci
 
     rescue_from Ci::Network::UnauthorizedError, with: :invalid_token
     before_filter :default_headers
-    #before_filter :check_config
     helper_method :gl_project
 
     protect_from_forgery
@@ -38,7 +37,7 @@ module Ci
     end
 
     def authorize_manage_builds!
-      unless can?(current_user, :manage_builds, gl_project)
+      unless can?(current_user, :admin_project, gl_project)
         return page_404
       end
     end
@@ -48,7 +47,7 @@ module Ci
     end
 
     def authorize_manage_project!
-      unless can?(current_user, :manage_project, gl_project)
+      unless can?(current_user, :admin_project, gl_project)
         return page_404
       end
     end
diff --git a/app/controllers/ci/runners_controller.rb b/app/controllers/ci/runners_controller.rb
index 0ef32ce928f..0e9d576a15b 100644
--- a/app/controllers/ci/runners_controller.rb
+++ b/app/controllers/ci/runners_controller.rb
@@ -10,7 +10,9 @@ module Ci
 
     def index
       @runners = @project.runners.order('id DESC')
-      @specific_runners = current_user.authorized_runners.
+      @specific_runners =
+        Ci::Runner.specific.includes(:runner_projects).
+        where(Ci::RunnerProject.table_name => { project_id: current_user.authorized_projects } ).
         where.not(id:  @runners).order("#{Ci::Runner.table_name}.id DESC").page(params[:page]).per(20)
       @shared_runners = Ci::Runner.shared.active
       @shared_runners_count = @shared_runners.count(:all)