Diffstat (limited to 'app/controllers/groups/boards_controller.rb')
-rw-r--r-- | app/controllers/groups/boards_controller.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/groups/boards_controller.rb b/app/controllers/groups/boards_controller.rb
index 8c9bf17f017..fab84fb8299 100644
--- a/app/controllers/groups/boards_controller.rb
+++ b/app/controllers/groups/boards_controller.rb
@@ -4,6 +4,7 @@ class Groups::BoardsController < Groups::ApplicationController
 include BoardsActions
 include RecordUserLastActivity
+ before_action :authorize_read_board!, only: [:index, :show]
 before_action :assign_endpoint_vars
 before_action do
 push_frontend_feature_flag(:multi_select_board, default_enabled: true)
@@ -16,4 +17,8 @@ class Groups::BoardsController < Groups::ApplicationController
 @namespace_path = group.to_param
 @labels_endpoint = group_labels_url(group)
 end
+
+ def authorize_read_board!
+ access_denied! unless can?(current_user, :read_board, group)
+ end
 end |
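Review bot: The `only: [:index, :show]` list on the new `before_action` makes the `:read_board` check opt-in, so any other action this controller exposes, whether it comes from `BoardsActions` or is added later, runs without it unless someone remembers to extend the list. The actions `BoardsActions` defines are not visible in this hunk, so this may be complete today, but a deny-by-default form is safer: `before_action :authorize_read_board!`, with an `except:` list only for actions that must stay reachable without board access. Placing the filter ahead of `assign_endpoint_vars` and the feature-flag push is right, since a denied request then does no further work. The class body continues outside the hunk.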
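Review bot: `authorize_read_board!` is added without a comment, and the hunk does not show whether it sits below a `private` marker; if it does not, it becomes a public controller method and should be moved under `private`. A one-line comment would record the intent, for example `# Stops the request via access_denied! unless current_user (nil for anonymous visitors) has :read_board on the group.` It is also worth confirming which status `access_denied!` returns here, because a response that differs from the one for a non-existent group would tell an unauthorized caller that the group exists. The diffstat is limited to this file, so I cannot see whether a request spec covers a user without `:read_board` on both `index` and `show`; if not, one should accompany this change.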