diff options
author | Shinya Maeda <shinya@gitlab.com> | 2017-06-27 16:23:16 +0900 |
---|---|---|
committer | Shinya Maeda <shinya@gitlab.com> | 2017-07-05 18:36:18 +0900 |
commit | ba63dcbfc6b2638cfd044cf3abf85af2e2804bf0 (patch) | |
tree | f206213e100cc92e493a78a211f981bcf1c33105 /app/controllers/projects/pipeline_schedules_controller.rb | |
parent | c3635dd1cbf2cfbab67264eb095f85d7f6004a73 (diff) | |
download | gitlab-ce-ba63dcbfc6b2638cfd044cf3abf85af2e2804bf0.tar.gz |
Define authorize_update_pipeline_schedule and apply to :edit, :take_ownership, :update
Diffstat (limited to 'app/controllers/projects/pipeline_schedules_controller.rb')
-rw-r--r-- | app/controllers/projects/pipeline_schedules_controller.rb | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb index 3f395bd9cea..86c9628d917 100644 --- a/app/controllers/projects/pipeline_schedules_controller.rb +++ b/app/controllers/projects/pipeline_schedules_controller.rb @@ -1,11 +1,11 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController + before_action :schedule, only: [:edit, :update, :destroy, :take_ownership] + before_action :authorize_read_pipeline_schedule! before_action :authorize_create_pipeline_schedule!, only: [:new, :create] before_action :authorize_update_pipeline_schedule!, only: [:edit, :take_ownership, :update] before_action :authorize_admin_pipeline_schedule!, only: [:destroy] - before_action :schedule, only: [:edit, :update, :destroy, :take_ownership] - def index @scope = params[:scope] @all_schedules = PipelineSchedulesFinder.new(@project).execute @@ -33,8 +33,6 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController end def update - return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule) - if Ci::CreatePipelineScheduleService .new(@project, current_user, schedule_params).update(schedule) redirect_to namespace_project_pipeline_schedules_path(@project.namespace.becomes(Namespace), @project) @@ -72,4 +70,8 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController .permit(:description, :cron, :cron_timezone, :ref, :active, variables_attributes: [:id, :key, :value, :_destroy] ) end + + def authorize_update_pipeline_schedule! + return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule) + end end |