Fix permissions check in controller, added relevant spec and updated docs

author: James Lopez <james@jameslopez.es> 2016-08-11 16:59:37 +0200
committer: James Lopez <james@jameslopez.es> 2016-08-11 16:59:37 +0200
commit: 30f9596c612abc19dd060fa3a8e8ae3d92001d45 (patch)
tree: 2d63a2407f4e99a22be8581194d40cebf4535d98 /app/controllers/import
parent: 34d5426f0e17a9d0a2d2330b472114e7e457ae05 (diff)
download: gitlab-ce-30f9596c612abc19dd060fa3a8e8ae3d92001d45.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/import/gitlab_projects_controller.rb b/app/controllers/import/gitlab_projects_controller.rb
index 3ec173abcdb..7d0eff37635 100644
--- a/app/controllers/import/gitlab_projects_controller.rb
+++ b/app/controllers/import/gitlab_projects_controller.rb
@@ -1,5 +1,6 @@
 class Import::GitlabProjectsController < Import::BaseController
   before_action :verify_gitlab_project_import_enabled
+  before_action :authenticate_admin!
 
   def new
     @namespace_id = project_params[:namespace_id]
@@ -47,4 +48,8 @@ class Import::GitlabProjectsController < Import::BaseController
       :path, :namespace_id, :file
     )
   end
+
+  def authenticate_admin!
+    render_404 unless current_user.is_admin?
+  end
 end
author	James Lopez <james@jameslopez.es>	2016-08-11 16:59:37 +0200
committer	James Lopez <james@jameslopez.es>	2016-08-11 16:59:37 +0200
commit	30f9596c612abc19dd060fa3a8e8ae3d92001d45 (patch)
tree	2d63a2407f4e99a22be8581194d40cebf4535d98 /app/controllers/import
parent	34d5426f0e17a9d0a2d2330b472114e7e457ae05 (diff)
download	gitlab-ce-30f9596c612abc19dd060fa3a8e8ae3d92001d45.tar.gz