diff options
author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-04-06 19:58:53 +0200 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-04-11 10:51:17 +0200 |
commit | 71ccfde322b633e9245bee6acba1e64cb7640f19 (patch) | |
tree | e81b9d66257711bd9a3dd31d70d623b1a1927502 /lib | |
parent | 083b0a9b034a0e4004c012444f1a8811bd96ed29 (diff) | |
download | gitlab-ce-71ccfde322b633e9245bee6acba1e64cb7640f19.tar.gz |
Correct permissions for creating merge requests from issues
This could only be possible for users that can create merge requests
within a project.
So they need to be a allowed to create a branch and create a merge request.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/merge_requests.rb | 2 | ||||
-rw-r--r-- | lib/api/v3/merge_requests.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/email/handler/create_merge_request_handler.rb | 3 |
3 files changed, 4 insertions, 3 deletions
diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 3264a26f7d2..d4cc18f622b 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -189,7 +189,7 @@ module API post ":id/merge_requests" do Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42316') - authorize! :create_merge_request, user_project + authorize! :create_merge_request_from, user_project mr_params = declared_params(include_missing: false) mr_params[:force_remove_source_branch] = mr_params.delete(:remove_source_branch) diff --git a/lib/api/v3/merge_requests.rb b/lib/api/v3/merge_requests.rb index ce216497996..9b0f70e2bfe 100644 --- a/lib/api/v3/merge_requests.rb +++ b/lib/api/v3/merge_requests.rb @@ -93,7 +93,7 @@ module API post ":id/merge_requests" do Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42126') - authorize! :create_merge_request, user_project + authorize! :create_merge_request_from, user_project mr_params = declared_params(include_missing: false) mr_params[:force_remove_source_branch] = mr_params.delete(:remove_source_branch) if mr_params[:remove_source_branch].present? diff --git a/lib/gitlab/email/handler/create_merge_request_handler.rb b/lib/gitlab/email/handler/create_merge_request_handler.rb index 3436306e122..2f864f2082b 100644 --- a/lib/gitlab/email/handler/create_merge_request_handler.rb +++ b/lib/gitlab/email/handler/create_merge_request_handler.rb @@ -23,7 +23,8 @@ module Gitlab def execute raise ProjectNotFound unless project - validate_permission!(:create_merge_request) + validate_permission!(:create_merge_request_in) + validate_permission!(:create_merge_request_from) verify_record!( record: create_merge_request, |