diff options
author | Rubén Dávila <ruben@gitlab.com> | 2017-12-11 09:53:31 -0500 |
---|---|---|
committer | Rubén Dávila <ruben@gitlab.com> | 2017-12-11 09:53:31 -0500 |
commit | 429302b34c5d66bd79f49284964cfc21db794ba7 (patch) | |
tree | 586f615c6b70b46b81eee51339ad358a427ef429 /app/controllers | |
parent | 806a68a81f1baeed07c146b1b5d9eb77796c46ba (diff) | |
download | gitlab-ce-429302b34c5d66bd79f49284964cfc21db794ba7.tar.gz |
Bugfix: User can't change the access level of an access requester
The endpoint was returning 404 because it was only searching on the
current members of a Group or Project and not the access requesters.
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/groups/group_members_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/project_members_controller.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb index 8fc234a62b1..5919bf54468 100644 --- a/app/controllers/groups/group_members_controller.rb +++ b/app/controllers/groups/group_members_controller.rb @@ -22,7 +22,7 @@ class Groups::GroupMembersController < Groups::ApplicationController end def update - @group_member = @group.group_members.find(params[:id]) + @group_member = @group.members_and_requesters.find(params[:id]) return render_403 unless can?(current_user, :update_group_member, @group_member) diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb index d925dcd21ff..5a01a59481b 100644 --- a/app/controllers/projects/project_members_controller.rb +++ b/app/controllers/projects/project_members_controller.rb @@ -26,7 +26,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController end def update - @project_member = @project.project_members.find(params[:id]) + @project_member = @project.members_and_requesters.find(params[:id]) return render_403 unless can?(current_user, :update_project_member, @project_member) |