summaryrefslogtreecommitdiff
path: root/app/policies
diff options
context:
space:
mode:
authorShinya Maeda <shinya@gitlab.com>2017-06-26 18:25:08 +0900
committerShinya Maeda <shinya@gitlab.com>2017-07-05 18:38:25 +0900
commit6e8ea52be6f75c99556ee4615f6213d991969bfd (patch)
treef4d5c894eea7e1bf76a0f21f527e69cf7bcc1af5 /app/policies
parente364c118a05e4d11677b997a5e31b2f1aa8a4a92 (diff)
downloadgitlab-ce-6e8ea52be6f75c99556ee4615f6213d991969bfd.tar.gz
Add functionality and security.
Diffstat (limited to 'app/policies')
-rw-r--r--app/policies/ci/pipeline_schedule_policy.rb22
1 files changed, 6 insertions, 16 deletions
diff --git a/app/policies/ci/pipeline_schedule_policy.rb b/app/policies/ci/pipeline_schedule_policy.rb
index db561dafbd3..2506c179157 100644
--- a/app/policies/ci/pipeline_schedule_policy.rb
+++ b/app/policies/ci/pipeline_schedule_policy.rb
@@ -2,24 +2,14 @@ module Ci
class PipelineSchedulePolicy < PipelinePolicy
alias_method :pipeline_schedule, :subject
- condition(:protected_action) do
- owned_by_developer? && owned_by_another?
- end
-
- rule { protected_action }.prevent :update_pipeline_schedule
-
- private
-
- def owned_by_developer?
- return false unless @user
-
- pipeline_schedule.project.team.developer?(@user)
- end
+ def rules
+ super
- def owned_by_another?
- return false unless @user
+ access = pipeline_schedule.project.team.max_member_access(user.id)
- !pipeline_schedule.owned_by?(@user)
+ if access == Gitlab::Access::DEVELOPER && pipeline_schedule.owner != user
+ cannot! :update_pipeline_schedule
+ end
end
end
end
View Lorry Controller Status