diff options
author | Sean McGivern <sean@gitlab.com> | 2019-05-02 11:13:42 +0100 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2019-05-02 11:13:42 +0100 |
commit | c1892f6c9000cacafae4f6c8992ba6c1128c8c95 (patch) | |
tree | 237c2955a1514b9be6b8b09c4bdb16323573641a /app/controllers/uploads_controller.rb | |
parent | acb55198b4a05a0b4ac2662bf68cfeb3d744ca01 (diff) | |
download | gitlab-ce-c1892f6c9000cacafae4f6c8992ba6c1128c8c95.tar.gz |
Remove the `comment_personal_snippet` permissionremove-comment-personal-snippet-permission
This is now entirely handled by `create_note`:
1. Project snippets prevent `create_note`.
2. Uploads already only support routing for personal snippets.
This simplifies some policies and access checks, too!
Diffstat (limited to 'app/controllers/uploads_controller.rb')
-rw-r--r-- | app/controllers/uploads_controller.rb | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb index 568c6e2a852..060b09f015c 100644 --- a/app/controllers/uploads_controller.rb +++ b/app/controllers/uploads_controller.rb @@ -56,8 +56,9 @@ class UploadsController < ApplicationController def authorize_create_access! return unless model - # for now we support only personal snippets comments - authorized = can?(current_user, :comment_personal_snippet, model) + # for now we support only personal snippets comments. Only personal_snippet + # is allowed as a model to #create through routing. + authorized = can?(current_user, :create_note, model) render_unauthorized unless authorized end |