Add functionality and security.

author: Shinya Maeda <shinya@gitlab.com> 2017-06-26 18:25:08 +0900
committer: Shinya Maeda <shinya@gitlab.com> 2017-07-05 18:36:18 +0900
commit: 1247ae0de9a365859db14812db7b1ddeacbd87f4 (patch)
tree: d6f4ca3cd919515ae244cf84411fab167cc2edb8 /app/policies
parent: 3ea04616c38493ae03b31f54c88b6551b6d65b6f (diff)
download: gitlab-ce-1247ae0de9a365859db14812db7b1ddeacbd87f4.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/app/policies/ci/pipeline_schedule_policy.rb b/app/policies/ci/pipeline_schedule_policy.rb
index 1877e89bb23..2506c179157 100644
--- a/app/policies/ci/pipeline_schedule_policy.rb
+++ b/app/policies/ci/pipeline_schedule_policy.rb
@@ -1,4 +1,15 @@
 module Ci
   class PipelineSchedulePolicy < PipelinePolicy
+    alias_method :pipeline_schedule, :subject
+
+    def rules
+      super
+
+      access = pipeline_schedule.project.team.max_member_access(user.id)
+
+      if access == Gitlab::Access::DEVELOPER && pipeline_schedule.owner != user
+        cannot! :update_pipeline_schedule
+      end
+    end
   end
 end
author	Shinya Maeda <shinya@gitlab.com>	2017-06-26 18:25:08 +0900
committer	Shinya Maeda <shinya@gitlab.com>	2017-07-05 18:36:18 +0900
commit	1247ae0de9a365859db14812db7b1ddeacbd87f4 (patch)
tree	d6f4ca3cd919515ae244cf84411fab167cc2edb8 /app/policies
parent	3ea04616c38493ae03b31f54c88b6551b6d65b6f (diff)
download	gitlab-ce-1247ae0de9a365859db14812db7b1ddeacbd87f4.tar.gz