diff options
Diffstat (limited to 'app/controllers/projects/jobs_controller.rb')
| -rw-r--r-- | app/controllers/projects/jobs_controller.rb | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/app/controllers/projects/jobs_controller.rb b/app/controllers/projects/jobs_controller.rb index 07e38c80291..900ebc61856 100644 --- a/app/controllers/projects/jobs_controller.rb +++ b/app/controllers/projects/jobs_controller.rb @@ -6,6 +6,7 @@ class Projects::JobsController < Projects::ApplicationController before_action :find_job_as_build, except: [:index, :play] before_action :find_job_as_processable, only: [:play] + before_action :authorize_read_build_trace!, only: [:trace, :raw] before_action :authorize_read_build! before_action :authorize_update_build!, except: [:index, :show, :status, :raw, :trace, :erase] @@ -14,8 +15,8 @@ class Projects::JobsController < Projects::ApplicationController before_action :verify_api_request!, only: :terminal_websocket_authorize before_action :authorize_create_proxy_build!, only: :proxy_websocket_authorize before_action :verify_proxy_request!, only: :proxy_websocket_authorize - before_action do - push_frontend_feature_flag(:ci_job_line_links, @project) + before_action only: :index do + frontend_experimentation_tracking_data(:jobs_empty_state, 'click_button') end layout 'project' @@ -157,6 +158,18 @@ class Projects::JobsController < Projects::ApplicationController private + def authorize_read_build_trace! + return if can?(current_user, :read_build_trace, @build) + + msg = _( + "You must have developer or higher permissions in the associated project to view job logs when debug trace is enabled. To disable debug trace, set the 'CI_DEBUG_TRACE' variable to 'false' in your pipeline configuration or CI/CD settings. " \ + "If you need to view this job log, a project maintainer must add you to the project with developer permissions or higher." + ) + return access_denied!(msg) if @build.debug_mode? + + access_denied!(_('The current user is not authorized to access the job log.')) + end + def authorize_update_build! return access_denied! unless can?(current_user, :update_build, @build) end @@ -204,11 +217,7 @@ class Projects::JobsController < Projects::ApplicationController end def find_job_as_processable - if ::Gitlab::Ci::Features.manual_bridges_enabled?(project) - @build = project.processables.find(params[:id]) - else - find_job_as_build - end + @build = project.processables.find(params[:id]) end def build_path(build) |