Remove update|admin_pipeline_schedule from Project, and grant it in PipelineSchedule

author: Kamil Trzcinski <ayufan@ayufan.eu> 2017-07-07 12:09:35 +0200
committer: Kamil Trzcinski <ayufan@ayufan.eu> 2017-07-07 12:11:48 +0200
commit: f108153cef0d538a06c07a17f7a0429aa8333e84 (patch)
tree: c690a8c847b33a053496c72d21b6c0a01274bd6e /lib
parent: 1ee9f7db83fb0e33b9cffbf437d20db343afd8a3 (diff)
download: gitlab-ce-f108153cef0d538a06c07a17f7a0429aa8333e84.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/api/pipeline_schedules.rb b/lib/api/pipeline_schedules.rb
index 93d89209934..dbeaf9e17ef 100644
--- a/lib/api/pipeline_schedules.rb
+++ b/lib/api/pipeline_schedules.rb
@@ -74,9 +74,10 @@ module API
         optional :active, type: Boolean, desc: 'The activation of pipeline schedule'
       end
       put ':id/pipeline_schedules/:pipeline_schedule_id' do
-        authorize! :update_pipeline_schedule, user_project
+        authorize! :read_pipeline_schedule, user_project
 
         not_found!('PipelineSchedule') unless pipeline_schedule
+        authorize! :update_pipeline_schedule, pipeline_schedule
 
         if pipeline_schedule.update(declared_params(include_missing: false))
           present pipeline_schedule, with: Entities::PipelineScheduleDetails
@@ -92,9 +93,10 @@ module API
         requires :pipeline_schedule_id, type: Integer,  desc: 'The pipeline schedule id'
       end
       post ':id/pipeline_schedules/:pipeline_schedule_id/take_ownership' do
-        authorize! :update_pipeline_schedule, user_project
+        authorize! :read_pipeline_schedule, user_project
 
         not_found!('PipelineSchedule') unless pipeline_schedule
+        authorize! :update_pipeline_schedule, pipeline_schedule
 
         if pipeline_schedule.own!(current_user)
           present pipeline_schedule, with: Entities::PipelineScheduleDetails
@@ -110,9 +112,10 @@ module API
         requires :pipeline_schedule_id, type: Integer,  desc: 'The pipeline schedule id'
       end
       delete ':id/pipeline_schedules/:pipeline_schedule_id' do
-        authorize! :admin_pipeline_schedule, user_project
+        authorize! :read_pipeline_schedule, user_project
 
         not_found!('PipelineSchedule') unless pipeline_schedule
+        authorize! :admin_pipeline_schedule, pipeline_schedule
 
         status :accepted
         present pipeline_schedule.destroy, with: Entities::PipelineScheduleDetails
author	Kamil Trzcinski <ayufan@ayufan.eu>	2017-07-07 12:09:35 +0200
committer	Kamil Trzcinski <ayufan@ayufan.eu>	2017-07-07 12:11:48 +0200
commit	f108153cef0d538a06c07a17f7a0429aa8333e84 (patch)
tree	c690a8c847b33a053496c72d21b6c0a01274bd6e /lib
parent	1ee9f7db83fb0e33b9cffbf437d20db343afd8a3 (diff)
download	gitlab-ce-f108153cef0d538a06c07a17f7a0429aa8333e84.tar.gz