diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-04-20 23:50:22 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-04-20 23:50:22 +0000 |
commit | 9dc93a4519d9d5d7be48ff274127136236a3adb3 (patch) | |
tree | 70467ae3692a0e35e5ea56bcb803eb512a10bedb /lib/api/resource_access_tokens.rb | |
parent | 4b0f34b6d759d6299322b3a54453e930c6121ff0 (diff) | |
download | gitlab-ce-9dc93a4519d9d5d7be48ff274127136236a3adb3.tar.gz |
Add latest changes from gitlab-org/gitlab@13-11-stable-eev13.11.0-rc43
Diffstat (limited to 'lib/api/resource_access_tokens.rb')
-rw-r--r-- | lib/api/resource_access_tokens.rb | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/api/resource_access_tokens.rb b/lib/api/resource_access_tokens.rb index 99c278be8e7..705e4778c83 100644 --- a/lib/api/resource_access_tokens.rb +++ b/lib/api/resource_access_tokens.rb @@ -19,7 +19,7 @@ module API get ":id/access_tokens" do resource = find_source(source_type, params[:id]) - next unauthorized! unless has_permission_to_read?(resource) + next unauthorized! unless current_user.can?(:read_resource_access_tokens, resource) tokens = PersonalAccessTokensFinder.new({ user: resource.bots, impersonation: false }).execute @@ -85,10 +85,6 @@ module API def find_token(resource, token_id) PersonalAccessTokensFinder.new({ user: resource.bots, impersonation: false }).find_by_id(token_id) end - - def has_permission_to_read?(resource) - can?(current_user, :project_bot_access, resource) || can?(current_user, :admin_resource_access_tokens, resource) - end end end end |