diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-19 23:18:09 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-19 23:18:09 +0000 |
commit | 6ed4ec3e0b1340f96b7c043ef51d1b33bbe85fde (patch) | |
tree | dc4d20fe6064752c0bd323187252c77e0a89144b /app/controllers/groups/settings/repository_controller.rb | |
parent | 9868dae7fc0655bd7ce4a6887d4e6d487690eeed (diff) | |
download | gitlab-ce-6ed4ec3e0b1340f96b7c043ef51d1b33bbe85fde.tar.gz |
Add latest changes from gitlab-org/gitlab@15-4-stable-eev15.4.0-rc42
Diffstat (limited to 'app/controllers/groups/settings/repository_controller.rb')
-rw-r--r-- | app/controllers/groups/settings/repository_controller.rb | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/app/controllers/groups/settings/repository_controller.rb b/app/controllers/groups/settings/repository_controller.rb index b0431c31179..cb62ea2a543 100644 --- a/app/controllers/groups/settings/repository_controller.rb +++ b/app/controllers/groups/settings/repository_controller.rb @@ -5,8 +5,9 @@ module Groups class RepositoryController < Groups::ApplicationController layout 'group_settings' skip_cross_project_access_check :show - before_action :authorize_create_deploy_token! - before_action :define_deploy_token_variables + before_action :authorize_create_deploy_token!, only: :create_deploy_token + before_action :authorize_access!, only: :show + before_action :define_deploy_token_variables, if: -> { can?(current_user, :create_deploy_token, @group) } before_action do push_frontend_feature_flag(:ajax_new_deploy_token, @group) end @@ -16,13 +17,13 @@ module Groups def create_deploy_token result = Groups::DeployTokens::CreateService.new(@group, current_user, deploy_token_params).execute - @new_deploy_token = result[:deploy_token] if result[:status] == :success + @created_deploy_token = result[:deploy_token] respond_to do |format| format.json do # IMPORTANT: It's a security risk to expose the token value more than just once here! - json = API::Entities::DeployTokenWithToken.represent(@new_deploy_token).as_json + json = API::Entities::DeployTokenWithToken.represent(@created_deploy_token).as_json render json: json, status: result[:http_status] end format.html do @@ -31,6 +32,7 @@ module Groups end end else + @new_deploy_token = result[:deploy_token] respond_to do |format| format.json { render json: { message: result[:message] }, status: result[:http_status] } format.html do @@ -43,6 +45,10 @@ module Groups private + def authorize_access! + authorize_admin_group! + end + def define_deploy_token_variables @deploy_tokens = @group.deploy_tokens.active @@ -55,3 +61,5 @@ module Groups end end end + +Groups::Settings::RepositoryController.prepend_mod |