diff options
author | Vinnie Okada <vokada@mrvinn.com> | 2015-03-07 12:47:06 -0700 |
---|---|---|
committer | Vinnie Okada <vokada@mrvinn.com> | 2015-03-08 17:57:08 -0600 |
commit | 928fc94c3d900069902b097d6464acee712a886c (patch) | |
tree | e30cbea42055c082e76881bd36ccd94f72afac8e /app/services/update_snippet_service.rb | |
parent | 285c5341855f8af6cbea5e964e3104a4698fa450 (diff) | |
download | gitlab-ce-928fc94c3d900069902b097d6464acee712a886c.tar.gz |
Enforce restricted visibilities for snippets
Add new service classes to create and update project and personal
snippets. These classes are responsible for enforcing restricted
visibility settings for non-admin users.
Diffstat (limited to 'app/services/update_snippet_service.rb')
-rw-r--r-- | app/services/update_snippet_service.rb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/app/services/update_snippet_service.rb b/app/services/update_snippet_service.rb index b7a719f2526..9d181c2d2ab 100644 --- a/app/services/update_snippet_service.rb +++ b/app/services/update_snippet_service.rb @@ -1,7 +1,7 @@ class UpdateSnippetService < BaseService attr_accessor :snippet - def initialize(project = nil, user, snippet, params = {}) + def initialize(project, user, snippet, params) super(project, user, params) @snippet = snippet end @@ -9,10 +9,10 @@ class UpdateSnippetService < BaseService def execute # check that user is allowed to set specified visibility_level new_visibility = params[:visibility_level] - if new_visibility && new_visibility != snippet.visibility_level + if new_visibility && new_visibility.to_i != snippet.visibility_level unless can?(current_user, :change_visibility_level, snippet) && Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility) - deny_visibility_level(snippet, new_visibility_level) + deny_visibility_level(snippet, new_visibility) return snippet end end |