summaryrefslogtreecommitdiff
path: root/lib/api/pipeline_schedules.rb
diff options
context:
space:
mode:
authorShinya Maeda <shinya@gitlab.com>2017-08-30 20:40:19 +0900
committerShinya Maeda <shinya@gitlab.com>2017-09-04 21:10:34 +0900
commitbb22989c388bb7322e95af72c48d8422494d96e7 (patch)
treebe950bae4c2efee6bdc59f829b3d10740f8448e3 /lib/api/pipeline_schedules.rb
parent362f2226a5febb7a3a82e86f4a83e87a870d67b3 (diff)
downloadgitlab-ce-bb22989c388bb7322e95af72c48d8422494d96e7.tar.gz
Improve def pipeline_schedule with authrozation code
Diffstat (limited to 'lib/api/pipeline_schedules.rb')
-rw-r--r--lib/api/pipeline_schedules.rb29
1 files changed, 13 insertions, 16 deletions
diff --git a/lib/api/pipeline_schedules.rb b/lib/api/pipeline_schedules.rb
index a6414bfe3f4..51baf12e287 100644
--- a/lib/api/pipeline_schedules.rb
+++ b/lib/api/pipeline_schedules.rb
@@ -31,8 +31,6 @@ module API
requires :pipeline_schedule_id, type: Integer, desc: 'The pipeline schedule id'
end
get ':id/pipeline_schedules/:pipeline_schedule_id' do
- authorize! :read_pipeline_schedule, user_project
-
present pipeline_schedule, with: Entities::PipelineScheduleDetails
end
@@ -72,7 +70,6 @@ module API
optional :active, type: Boolean, desc: 'The activation of pipeline schedule'
end
put ':id/pipeline_schedules/:pipeline_schedule_id' do
- authorize! :read_pipeline_schedule, user_project
authorize! :update_pipeline_schedule, pipeline_schedule
if pipeline_schedule.update(declared_params(include_missing: false))
@@ -89,7 +86,6 @@ module API
requires :pipeline_schedule_id, type: Integer, desc: 'The pipeline schedule id'
end
post ':id/pipeline_schedules/:pipeline_schedule_id/take_ownership' do
- authorize! :read_pipeline_schedule, user_project
authorize! :update_pipeline_schedule, pipeline_schedule
if pipeline_schedule.own!(current_user)
@@ -106,7 +102,6 @@ module API
requires :pipeline_schedule_id, type: Integer, desc: 'The pipeline schedule id'
end
delete ':id/pipeline_schedules/:pipeline_schedule_id' do
- authorize! :read_pipeline_schedule, user_project
authorize! :admin_pipeline_schedule, pipeline_schedule
destroy_conditionally!(pipeline_schedule)
@@ -121,7 +116,6 @@ module API
requires :value, type: String, desc: 'The value of the variable'
end
post ':id/pipeline_schedules/:pipeline_schedule_id/variables' do
- authorize! :read_pipeline_schedule, user_project
authorize! :update_pipeline_schedule, pipeline_schedule
variable_params = declared_params(include_missing: false)
@@ -142,7 +136,6 @@ module API
optional :value, type: String, desc: 'The value of the variable'
end
put ':id/pipeline_schedules/:pipeline_schedule_id/variables/:key' do
- authorize! :read_pipeline_schedule, user_project
authorize! :update_pipeline_schedule, pipeline_schedule
if pipeline_schedule_variable.update(declared_params(include_missing: false))
@@ -160,7 +153,6 @@ module API
requires :key, type: String, desc: 'The key of the variable'
end
delete ':id/pipeline_schedules/:pipeline_schedule_id/variables/:key' do
- authorize! :read_pipeline_schedule, user_project
authorize! :admin_pipeline_schedule, pipeline_schedule
status :accepted
@@ -171,18 +163,23 @@ module API
helpers do
def pipeline_schedule
@pipeline_schedule ||=
- user_project.pipeline_schedules
- .preload(:owner, :last_pipeline)
- .find_by(id: params.delete(:pipeline_schedule_id))
-
- @pipeline_schedule || not_found!('Pipeline Schedule')
+ user_project
+ .pipeline_schedules
+ .preload(:owner, :last_pipeline)
+ .find_by(id: params.delete(:pipeline_schedule_id)).tap do |pipeline_schedule|
+ unless pipeline_schedule || can?(current_user, :read_pipeline_schedule, pipeline_schedule)
+ not_found!('Pipeline Schedule')
+ end
+ end
end
def pipeline_schedule_variable
@pipeline_schedule_variable ||=
- pipeline_schedule.variables.find_by(key: params[:key])
-
- @pipeline_schedule_variable || not_found!('Pipeline Schedule Variable')
+ pipeline_schedule.variables.find_by(key: params[:key]).tap do |pipeline_schedule_variable|
+ unless pipeline_schedule_variable
+ not_found!('Pipeline Schedule Variable')
+ end
+ end
end
end
end