summaryrefslogtreecommitdiff
path: root/app/controllers/projects/snippets_controller.rb
diff options
context:
space:
mode:
authorRémy Coutable <remy@rymai.me>2016-03-25 18:51:17 +0100
committerRémy Coutable <remy@rymai.me>2016-03-25 18:51:17 +0100
commit4f07c0a107b86ea23834a6797989963f1a63f5c1 (patch)
treea9348baea79a6245304b8f4d5d0edfe5256b38af /app/controllers/projects/snippets_controller.rb
parentf4bdefdff1861c0d0e2e6ae3418be969c2600b5f (diff)
downloadgitlab-ce-4f07c0a107b86ea23834a6797989963f1a63f5c1.tar.gz
Ensure project snippets have their own access level
Diffstat (limited to 'app/controllers/projects/snippets_controller.rb')
-rw-r--r--app/controllers/projects/snippets_controller.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb
index 383b86b68e0..6d2901a24a4 100644
--- a/app/controllers/projects/snippets_controller.rb
+++ b/app/controllers/projects/snippets_controller.rb
@@ -3,7 +3,7 @@ class Projects::SnippetsController < Projects::ApplicationController
before_action :snippet, only: [:show, :edit, :destroy, :update, :raw]
# Allow read any snippet
- before_action :authorize_read_project_snippet!, except: [:index]
+ before_action :authorize_read_project_snippet!, except: [:new, :create, :index]
# Allow write(create) snippet
before_action :authorize_create_project_snippet!, only: [:new, :create]