diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-11 03:09:13 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-11 03:09:13 +0000 |
commit | ea99abb145ed193c2ac5d19efbff3b8990a54c9c (patch) | |
tree | c4f3870175c3334d0842eb429b5395a7845c2528 /app/controllers/groups/boards_controller.rb | |
parent | a9104a50136e485c8dda7af37106332f9010a1e8 (diff) | |
download | gitlab-ce-ea99abb145ed193c2ac5d19efbff3b8990a54c9c.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers/groups/boards_controller.rb')
-rw-r--r-- | app/controllers/groups/boards_controller.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/groups/boards_controller.rb b/app/controllers/groups/boards_controller.rb index 8c9bf17f017..fab84fb8299 100644 --- a/app/controllers/groups/boards_controller.rb +++ b/app/controllers/groups/boards_controller.rb @@ -4,6 +4,7 @@ class Groups::BoardsController < Groups::ApplicationController include BoardsActions include RecordUserLastActivity + before_action :authorize_read_board!, only: [:index, :show] before_action :assign_endpoint_vars before_action do push_frontend_feature_flag(:multi_select_board, default_enabled: true) @@ -16,4 +17,8 @@ class Groups::BoardsController < Groups::ApplicationController @namespace_path = group.to_param @labels_endpoint = group_labels_url(group) end + + def authorize_read_board! + access_denied! unless can?(current_user, :read_board, group) + end end |