summaryrefslogtreecommitdiff
path: root/lib/api/files.rb
diff options
context:
space:
mode:
authorNihad Abbasov <narkoz.2008@gmail.com>2014-06-06 06:58:20 +0500
committerNihad Abbasov <narkoz.2008@gmail.com>2014-06-06 06:58:20 +0500
commitdccfb374d396b1b7cbd86bde848165796618ef52 (patch)
tree66fc91265948fc70d424d9fd0479b1780172d45e /lib/api/files.rb
parentf7cf0286116cb6c771e539d34921b4b5f472be68 (diff)
downloadgitlab-ce-dccfb374d396b1b7cbd86bde848165796618ef52.tar.gz
fix permissions for files API
Diffstat (limited to 'lib/api/files.rb')
-rw-r--r--lib/api/files.rb9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/api/files.rb b/lib/api/files.rb
index e0c46f92b84..e63e635a4d3 100644
--- a/lib/api/files.rb
+++ b/lib/api/files.rb
@@ -2,7 +2,6 @@ module API
# Projects API
class Files < Grape::API
before { authenticate! }
- before { authorize! :push_code, user_project }
resource :projects do
# Get file from repository
@@ -28,6 +27,8 @@ module API
# }
#
get ":id/repository/files" do
+ authorize! :download_code, user_project
+
required_attributes! [:file_path, :ref]
attrs = attributes_for_keys [:file_path, :ref]
ref = attrs.delete(:ref)
@@ -68,6 +69,8 @@ module API
# POST /projects/:id/repository/files
#
post ":id/repository/files" do
+ authorize! :push_code, user_project
+
required_attributes! [:file_path, :branch_name, :content, :commit_message]
attrs = attributes_for_keys [:file_path, :branch_name, :content, :commit_message, :encoding]
branch_name = attrs.delete(:branch_name)
@@ -98,6 +101,8 @@ module API
# PUT /projects/:id/repository/files
#
put ":id/repository/files" do
+ authorize! :push_code, user_project
+
required_attributes! [:file_path, :branch_name, :content, :commit_message]
attrs = attributes_for_keys [:file_path, :branch_name, :content, :commit_message, :encoding]
branch_name = attrs.delete(:branch_name)
@@ -128,6 +133,8 @@ module API
# DELETE /projects/:id/repository/files
#
delete ":id/repository/files" do
+ authorize! :push_code, user_project
+
required_attributes! [:file_path, :branch_name, :commit_message]
attrs = attributes_for_keys [:file_path, :branch_name, :commit_message]
branch_name = attrs.delete(:branch_name)