diff options
author | drew cimino <dcimino@gitlab.com> | 2019-08-13 19:03:05 -0400 |
---|---|---|
committer | drew cimino <dcimino@gitlab.com> | 2019-08-22 11:48:24 -0400 |
commit | d29ea1fa13c730abfb9ee1f88ec703e29b234970 (patch) | |
tree | 14d71bdfaf2c65f0fb7096b2aea99461731dffa9 /app | |
parent | 03bf3271c1a80db87a1a0bf23b6472f2d939861f (diff) | |
download | gitlab-ce-d29ea1fa13c730abfb9ee1f88ec703e29b234970.tar.gz |
admin_group authorization for Groups::RunnersController
- Use authorize_admin_group! instead of authorize_admin_pipeline!
- Added role-based permission specs for Groups::RunnersController
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/groups/runners_controller.rb | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb index f8e32451b02..af2b2cbd1fd 100644 --- a/app/controllers/groups/runners_controller.rb +++ b/app/controllers/groups/runners_controller.rb @@ -3,7 +3,7 @@ class Groups::RunnersController < Groups::ApplicationController # Proper policies should be implemented per # https://gitlab.com/gitlab-org/gitlab-ce/issues/45894 - before_action :authorize_admin_pipeline! + before_action :authorize_admin_group! before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show] @@ -50,10 +50,6 @@ class Groups::RunnersController < Groups::ApplicationController @runner ||= @group.runners.find(params[:id]) end - def authorize_admin_pipeline! - return render_404 unless can?(current_user, :admin_pipeline, group) - end - def runner_params params.require(:runner).permit(Ci::Runner::FORM_EDITABLE) end |