Authorize read_pipeline before read_build

author: Matija Čupić <matteeyah@gmail.com> 2018-12-18 14:36:26 +0100
committer: Matija Čupić <matteeyah@gmail.com> 2018-12-19 14:50:40 +0100
commit: 89b856e76c5e77428535f169350443272a34e1d8 (patch)
tree: ba7a5bebf20f88221fa630d83bf73da53bfad088 /lib/api/jobs.rb
parent: a1c77f2d34d979016499e4fa15b49e67d5666d63 (diff)
download: gitlab-ce-89b856e76c5e77428535f169350443272a34e1d8.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb
index bd704f3bf25..e2ab60f3855 100644
--- a/lib/api/jobs.rb
+++ b/lib/api/jobs.rb
@@ -59,6 +59,7 @@ module API
       # rubocop: disable CodeReuse/ActiveRecord
       get ':id/pipelines/:pipeline_id/jobs' do
         pipeline = user_project.ci_pipelines.find(params[:pipeline_id])
+        authorize!(:read_pipeline, user_project)
         authorize!(:read_build, pipeline)
 
         builds = pipeline.builds
author	Matija Čupić <matteeyah@gmail.com>	2018-12-18 14:36:26 +0100
committer	Matija Čupić <matteeyah@gmail.com>	2018-12-19 14:50:40 +0100
commit	89b856e76c5e77428535f169350443272a34e1d8 (patch)
tree	ba7a5bebf20f88221fa630d83bf73da53bfad088 /lib/api/jobs.rb
parent	a1c77f2d34d979016499e4fa15b49e67d5666d63 (diff)
download	gitlab-ce-89b856e76c5e77428535f169350443272a34e1d8.tar.gz