Define authorize_update_pipeline_schedule and apply to :edit, :take_ownership, :update

1 files changed, 6 insertions, 4 deletions

diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb
index 3f395bd9cea..86c9628d917 100644
--- a/app/controllers/projects/pipeline_schedules_controller.rb
+++ b/app/controllers/projects/pipeline_schedules_controller.rb
@@ -1,11 +1,11 @@
 class Projects::PipelineSchedulesController < Projects::ApplicationController
+  before_action :schedule, only: [:edit, :update, :destroy, :take_ownership]
+
   before_action :authorize_read_pipeline_schedule!
   before_action :authorize_create_pipeline_schedule!, only: [:new, :create]
   before_action :authorize_update_pipeline_schedule!, only: [:edit, :take_ownership, :update]
   before_action :authorize_admin_pipeline_schedule!, only: [:destroy]
 
-  before_action :schedule, only: [:edit, :update, :destroy, :take_ownership]
-
   def index
     @scope = params[:scope]
     @all_schedules = PipelineSchedulesFinder.new(@project).execute
@@ -33,8 +33,6 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
   end
 
   def update
-    return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule)
-
     if Ci::CreatePipelineScheduleService
         .new(@project, current_user, schedule_params).update(schedule)
       redirect_to namespace_project_pipeline_schedules_path(@project.namespace.becomes(Namespace), @project)
@@ -72,4 +70,8 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
       .permit(:description, :cron, :cron_timezone, :ref, :active,
         variables_attributes: [:id, :key, :value, :_destroy] )
   end
+
+  def authorize_update_pipeline_schedule!
+    return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule)
+  end
 end