diff options
author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-02-01 23:58:04 +0100 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-02-02 09:18:08 +0100 |
commit | 055afab5c7d33d061d339c270bd258ed847450f3 (patch) | |
tree | e72ba0bc495456f3f106d23576810cec4238af21 /app/controllers/projects/builds_controller.rb | |
parent | 7df149bb63c91792fb958db87b24bb120463a49e (diff) | |
download | gitlab-ce-055afab5c7d33d061d339c270bd258ed847450f3.tar.gz |
Make the CI permission model simpler
This MR simplifies CI permission model:
- read_build: allows to read a list of builds, artifacts and trace
- update_build: allows to cancel and retry builds
- create_build: allows to create builds from gitlab-ci.yml (not yet implemented)
- admin_build: allows to manage triggers, runners and variables
- read_commit_status: allows to read a list of commit statuses (including the overall of builds)
- create_commit_status: allows to create a new commit status using API
Remove all extra methods to manage permission.
Made all controllers to use explicitly the new permissions.
Diffstat (limited to 'app/controllers/projects/builds_controller.rb')
-rw-r--r-- | app/controllers/projects/builds_controller.rb | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb index 92d9699fe84..9e89296e71d 100644 --- a/app/controllers/projects/builds_controller.rb +++ b/app/controllers/projects/builds_controller.rb @@ -1,7 +1,8 @@ class Projects::BuildsController < Projects::ApplicationController before_action :build, except: [:index, :cancel_all] - before_action :authorize_manage_builds!, except: [:index, :show, :status] + before_action :authorize_read_build!, except: [:cancel, :cancel_all, :retry] + before_action :authorize_update_build!, except: [:index, :show, :status] layout "project" @@ -69,10 +70,4 @@ class Projects::BuildsController < Projects::ApplicationController def build_path(build) namespace_project_build_path(build.project.namespace, build.project, build) end - - def authorize_manage_builds! - unless can?(current_user, :manage_builds, project) - return render_404 - end - end end |