diff options
author | Nihad Abbasov <narkoz.2008@gmail.com> | 2014-06-06 06:58:20 +0500 |
---|---|---|
committer | Nihad Abbasov <narkoz.2008@gmail.com> | 2014-06-06 06:58:20 +0500 |
commit | dccfb374d396b1b7cbd86bde848165796618ef52 (patch) | |
tree | 66fc91265948fc70d424d9fd0479b1780172d45e /lib/api/files.rb | |
parent | f7cf0286116cb6c771e539d34921b4b5f472be68 (diff) | |
download | gitlab-ce-dccfb374d396b1b7cbd86bde848165796618ef52.tar.gz |
fix permissions for files API
Diffstat (limited to 'lib/api/files.rb')
-rw-r--r-- | lib/api/files.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/api/files.rb b/lib/api/files.rb index e0c46f92b84..e63e635a4d3 100644 --- a/lib/api/files.rb +++ b/lib/api/files.rb @@ -2,7 +2,6 @@ module API # Projects API class Files < Grape::API before { authenticate! } - before { authorize! :push_code, user_project } resource :projects do # Get file from repository @@ -28,6 +27,8 @@ module API # } # get ":id/repository/files" do + authorize! :download_code, user_project + required_attributes! [:file_path, :ref] attrs = attributes_for_keys [:file_path, :ref] ref = attrs.delete(:ref) @@ -68,6 +69,8 @@ module API # POST /projects/:id/repository/files # post ":id/repository/files" do + authorize! :push_code, user_project + required_attributes! [:file_path, :branch_name, :content, :commit_message] attrs = attributes_for_keys [:file_path, :branch_name, :content, :commit_message, :encoding] branch_name = attrs.delete(:branch_name) @@ -98,6 +101,8 @@ module API # PUT /projects/:id/repository/files # put ":id/repository/files" do + authorize! :push_code, user_project + required_attributes! [:file_path, :branch_name, :content, :commit_message] attrs = attributes_for_keys [:file_path, :branch_name, :content, :commit_message, :encoding] branch_name = attrs.delete(:branch_name) @@ -128,6 +133,8 @@ module API # DELETE /projects/:id/repository/files # delete ":id/repository/files" do + authorize! :push_code, user_project + required_attributes! [:file_path, :branch_name, :commit_message] attrs = attributes_for_keys [:file_path, :branch_name, :commit_message] branch_name = attrs.delete(:branch_name) |