summaryrefslogtreecommitdiff
path: root/app/controllers/projects/snippets_controller.rb
diff options
context:
space:
mode:
authorAlfredo Sumaran <alfredo@gitlab.com>2016-03-29 10:48:39 -0500
committerAlfredo Sumaran <alfredo@gitlab.com>2016-03-29 10:48:39 -0500
commita41f5f59cbd1d29d0acc4b9d9782edabf81603b5 (patch)
treefcd45bd5f24902480c12179b9b2fbc04778ff0db /app/controllers/projects/snippets_controller.rb
parent2e5cd0f1669eea56c41bb690f28a85c3f98f68ed (diff)
parent54957d6932c2b159e01b60ee1d4e191cfdf5b713 (diff)
downloadgitlab-ce-issue_3400_port.tar.gz
Merge branch 'master' into issue_3400_portissue_3400_port
# Conflicts: # app/assets/javascripts/gl_dropdown.js.coffee
Diffstat (limited to 'app/controllers/projects/snippets_controller.rb')
-rw-r--r--app/controllers/projects/snippets_controller.rb6
1 files changed, 5 insertions, 1 deletions
diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb
index b578b419a46..6d2901a24a4 100644
--- a/app/controllers/projects/snippets_controller.rb
+++ b/app/controllers/projects/snippets_controller.rb
@@ -3,7 +3,7 @@ class Projects::SnippetsController < Projects::ApplicationController
before_action :snippet, only: [:show, :edit, :destroy, :update, :raw]
# Allow read any snippet
- before_action :authorize_read_project_snippet!
+ before_action :authorize_read_project_snippet!, except: [:new, :create, :index]
# Allow write(create) snippet
before_action :authorize_create_project_snippet!, only: [:new, :create]
@@ -81,6 +81,10 @@ class Projects::SnippetsController < Projects::ApplicationController
@snippet ||= @project.snippets.find(params[:id])
end
+ def authorize_read_project_snippet!
+ return render_404 unless can?(current_user, :read_project_snippet, @snippet)
+ end
+
def authorize_update_project_snippet!
return render_404 unless can?(current_user, :update_project_snippet, @snippet)
end
View Lorry Controller Status