Authorize read_build action when listing jobs

author: Matija Čupić <matteeyah@gmail.com> 2018-12-14 16:36:33 +0100
committer: Matija Čupić <matteeyah@gmail.com> 2018-12-19 14:50:35 +0100
commit: c7ea28612a210811696dae50d6ca948c85566da2 (patch)
tree: 6b5f8bcf31df78bb63d482c9eb1f6fc234b7d5a4 /lib/api/jobs.rb
parent: f9fd9b1def8dec9800f8d3857ee278ed6dca03c3 (diff)
download: gitlab-ce-c7ea28612a210811696dae50d6ca948c85566da2.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb
index 80a5cbd6b19..3cfeb9a2784 100644
--- a/lib/api/jobs.rb
+++ b/lib/api/jobs.rb
@@ -38,6 +38,8 @@ module API
       end
       # rubocop: disable CodeReuse/ActiveRecord
       get ':id/jobs' do
+        authorize_read_builds!
+
         builds = user_project.builds.order('id DESC')
         builds = filter_builds(builds, params[:scope])
author	Matija Čupić <matteeyah@gmail.com>	2018-12-14 16:36:33 +0100
committer	Matija Čupić <matteeyah@gmail.com>	2018-12-19 14:50:35 +0100
commit	c7ea28612a210811696dae50d6ca948c85566da2 (patch)
tree	6b5f8bcf31df78bb63d482c9eb1f6fc234b7d5a4 /lib/api/jobs.rb
parent	f9fd9b1def8dec9800f8d3857ee278ed6dca03c3 (diff)
download	gitlab-ce-c7ea28612a210811696dae50d6ca948c85566da2.tar.gz