author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-07-17 08:26:00 +0300 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-07-17 08:26:00 +0300 |
commit | 9ea5766c3554843b88bfb65de48872ccd50363e7 (patch) | |
tree | 50dd6a986c6bcb6acb5403156f1d21371c4e610b /app | |
parent | 29306dd6a41a20210bc30775a437a67649b99038 (diff) | |
download | gitlab-ce-9ea5766c3554843b88bfb65de48872ccd50363e7.tar.gz |
Improve permissions on tags/branches
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/application_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/projects/branches_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/projects/tags_controller.rb | 5 | ||||
-rw-r--r-- | app/views/projects/repositories/_filter.html.haml | 1 |
4 files changed, 11 insertions, 3 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e84220c1e57..9a43381f405 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -91,6 +91,10 @@ class ApplicationController < ActionController::Base
 return access_denied! unless can?(current_user, :download_code, project) or project.public?
 end
+ def authorize_push!
+ return access_denied! unless can?(current_user, :push_code, project)
+ end
+
 def authorize_create_team!
 return access_denied! unless can?(current_user, :create_team, nil)
 end
diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index a9d9cfb61e1..cd28d75409f 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -3,7 +3,9 @@ class Projects::BranchesController < Projects::ApplicationController
 before_filter :authorize_read_project!
 before_filter :require_non_empty_project
- before_filter :authorize_admin_project!, only: [:destroy, :create]
+ before_filter :authorize_code_access!
+ before_filter :authorize_push!, only: [:create]
+ before_filter :authorize_admin_project!, only: [:destroy]
 def index
 @branches = Kaminari.paginate_array(@repository.branches).page(params[:page]).per(30)
diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index 32eb37b2fcb..55b2f5b1ae9 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
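Review bot: `authorize_push!` is added without a comment, and it checks only the project-wide `:push_code` ability, so it makes no decision about the particular ref a request targets. If the project enforces per-branch restrictions somewhere else, a controller that relies on this filter alone for a ref-level action would not apply them. I would add a line above the method such as `# Project-level push check only; per-ref restrictions (e.g. protected branches) must be enforced separately.` The enclosing class starts and ends outside the hunk.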
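Review bot: The new `before_filter :authorize_push!, only: [:create]` in branches_controller.rb leaves the `new` action behind the read and code-access filters only. The view change in this commit links to `new_project_branch_path`, so a `new` action presumably exists and stays reachable by direct URL for users who cannot push; the later POST is still refused, so this is a consistency gap rather than a bypass. I would write `before_filter :authorize_push!, only: [:new, :create]` here, and do the same for the identical line in tags_controller.rb if that controller has a `new` action. The class body continues outside the hunk.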
@@ -1,10 +1,11 @@
 class Projects::TagsController < Projects::ApplicationController
 # Authorize
 before_filter :authorize_read_project!
- before_filter :authorize_code_access!
 before_filter :require_non_empty_project
- before_filter :authorize_admin_project!, only: [:destroy, :create]
+ before_filter :authorize_code_access!
+ before_filter :authorize_push!, only: [:create]
+ before_filter :authorize_admin_project!, only: [:destroy]
 def index
 @tags = Kaminari.paginate_array(@project.repository.tags).page(params[:page]).per(30)
diff --git a/app/views/projects/repositories/_filter.html.haml b/app/views/projects/repositories/_filter.html.haml
index 138fd6d5118..660d9d25a35 100644
--- a/app/views/projects/repositories/_filter.html.haml
+++ b/app/views/projects/repositories/_filter.html.haml
@@ -10,6 +10,7 @@ %hr +- if can? current_user, :push_code, @project = link_to new_project_branch_path(@project), class: 'btn btn-create' do %i.icon-add-sign New branch |
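Review bot: In tags_controller.rb `authorize_code_access!` is moved below `require_non_empty_project`, so a filter that depends on repository state now runs before one of the authorization checks. `require_non_empty_project` is not shown in this diff; if it redirects or renders for an empty repository, a user who passes `authorize_read_project!` but lacks code access would get that response instead of access-denied. Unless the reorder is needed for a reason not visible here, I would keep the `authorize_*` filters first, with `before_filter :authorize_code_access!` directly after `before_filter :authorize_read_project!`. branches_controller.rb adds the filter in the same position.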
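Review bot: Only the `- if can? current_user, :push_code, @project` line is added in _filter.html.haml; the `= link_to new_project_branch_path(@project) ...` block after it is unchanged context, so this commit did not alter its indentation. The page has lost indentation, so it cannot be confirmed from here that the link is nested under the new conditional; if it previously sat at the same level, the guard has no body and would not hide the button. It is worth checking that the `= link_to` block is indented one level under the `- if`. The condition is display-only in any case; the enforcing check is the controller's `authorize_push!` filter.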