diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-29 21:33:57 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-29 21:33:57 +0000 |
commit | be128484b5f74b25ac9559bc47375d30a803f296 (patch) | |
tree | bf658784c03c2c46e68770c42dd2e5e6a3daf6e8 /app/controllers | |
parent | 70818d3d68c925a13e11f4c52836d8ea1ccfd913 (diff) | |
parent | d29ea1fa13c730abfb9ee1f88ec703e29b234970 (diff) | |
download | gitlab-ce-be128484b5f74b25ac9559bc47375d30a803f296.tar.gz |
Merge branch 'security-group-runners-permissions' into 'master'
admin_group authorization for Groups::RunnersController
See merge request gitlab/gitlabhq!3325
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/groups/runners_controller.rb | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb index f8e32451b02..af2b2cbd1fd 100644 --- a/app/controllers/groups/runners_controller.rb +++ b/app/controllers/groups/runners_controller.rb @@ -3,7 +3,7 @@ class Groups::RunnersController < Groups::ApplicationController # Proper policies should be implemented per # https://gitlab.com/gitlab-org/gitlab-ce/issues/45894 - before_action :authorize_admin_pipeline! + before_action :authorize_admin_group! before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show] @@ -50,10 +50,6 @@ class Groups::RunnersController < Groups::ApplicationController @runner ||= @group.runners.find(params[:id]) end - def authorize_admin_pipeline! - return render_404 unless can?(current_user, :admin_pipeline, group) - end - def runner_params params.require(:runner).permit(Ci::Runner::FORM_EDITABLE) end |