diff options
Diffstat (limited to 'app/controllers/clusters')
-rw-r--r-- | app/controllers/clusters/base_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/clusters/clusters_controller.rb | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/app/controllers/clusters/base_controller.rb b/app/controllers/clusters/base_controller.rb index b1ffdf00b87..f88d381b3bf 100644 --- a/app/controllers/clusters/base_controller.rb +++ b/app/controllers/clusters/base_controller.rb @@ -4,7 +4,7 @@ class Clusters::BaseController < ApplicationController include RoutableActions skip_before_action :authenticate_user! - before_action :authorize_read_cluster! + before_action :authorize_admin_cluster!, except: [:show, :index, :new, :authorize_aws_role, :update] helper_method :clusterable @@ -18,11 +18,11 @@ class Clusters::BaseController < ApplicationController end def authorize_update_cluster! - access_denied! unless can?(current_user, :update_cluster, cluster) + access_denied! unless can?(current_user, :update_cluster, clusterable) end def authorize_admin_cluster! - access_denied! unless can?(current_user, :admin_cluster, cluster) + access_denied! unless can?(current_user, :admin_cluster, clusterable) end def authorize_read_cluster! diff --git a/app/controllers/clusters/clusters_controller.rb b/app/controllers/clusters/clusters_controller.rb index 15a261f572a..c12ceca9c3b 100644 --- a/app/controllers/clusters/clusters_controller.rb +++ b/app/controllers/clusters/clusters_controller.rb @@ -10,9 +10,9 @@ class Clusters::ClustersController < Clusters::BaseController before_action :validate_gcp_token, only: [:new] before_action :gcp_cluster, only: [:new] before_action :user_cluster, only: [:new] + before_action :authorize_read_cluster!, only: [:show, :index] before_action :authorize_create_cluster!, only: [:new, :authorize_aws_role] before_action :authorize_update_cluster!, only: [:update] - before_action :authorize_admin_cluster!, only: [:destroy, :clear_cache] before_action :update_applications_status, only: [:cluster_status] helper_method :token_in_session |