diff options
author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-05-05 13:24:07 +0200 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-05-05 14:04:45 +0200 |
commit | 61dd92aaff822759941bb224de9f45bfc5f7cc9b (patch) | |
tree | 5420994b4c32e9707a74739dd586f7a12c5c36c8 /app/controllers/projects/application_controller.rb | |
parent | 936367538043854c7b093b71ca315b8e469c55a4 (diff) | |
download | gitlab-ce-61dd92aaff822759941bb224de9f45bfc5f7cc9b.tar.gz |
Authorize build update on per object basis
Diffstat (limited to 'app/controllers/projects/application_controller.rb')
-rw-r--r-- | app/controllers/projects/application_controller.rb | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/app/controllers/projects/application_controller.rb b/app/controllers/projects/application_controller.rb index 89f1128ec36..afed0ac05a0 100644 --- a/app/controllers/projects/application_controller.rb +++ b/app/controllers/projects/application_controller.rb @@ -55,13 +55,15 @@ class Projects::ApplicationController < ApplicationController (current_user && current_user.already_forked?(project)) end - def authorize_project!(action) - return access_denied! unless can?(current_user, action, project) + def authorize_action!(action) + unless can?(current_user, action, project) + return access_denied! + end end def method_missing(method_sym, *arguments, &block) if method_sym.to_s =~ /\Aauthorize_(.*)!\z/ - authorize_project!($1.to_sym) + authorize_action!($1.to_sym) else super end |