Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/pipeline_schedules_controller.rb | 2 | ||||
-rw-r--r-- | app/policies/ci/pipeline_schedule_policy.rb | 22 |
2 files changed, 8 insertions, 16 deletions
diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb
index 2ee6229cf68..3f395bd9cea 100644
--- a/app/controllers/projects/pipeline_schedules_controller.rb
+++ b/app/controllers/projects/pipeline_schedules_controller.rb
@@ -33,6 +33,8 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
 end
 def update
+ return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule)
+
 if Ci::CreatePipelineScheduleService
 .new(@project, current_user, schedule_params).update(schedule)
 redirect_to namespace_project_pipeline_schedules_path(@project.namespace.becomes(Namespace), @project)
diff --git a/app/policies/ci/pipeline_schedule_policy.rb b/app/policies/ci/pipeline_schedule_policy.rb
index db561dafbd3..2506c179157 100644
--- a/app/policies/ci/pipeline_schedule_policy.rb
+++ b/app/policies/ci/pipeline_schedule_policy.rb
@@ -2,24 +2,14 @@ module Ci
 class PipelineSchedulePolicy < PipelinePolicy
 alias_method :pipeline_schedule, :subject
- condition(:protected_action) do
- owned_by_developer? && owned_by_another?
- end
-
- rule { protected_action }.prevent :update_pipeline_schedule
-
- private
-
- def owned_by_developer?
- return false unless @user
-
- pipeline_schedule.project.team.developer?(@user)
- end
+ def rules
+ super
- def owned_by_another?
- return false unless @user
+ access = pipeline_schedule.project.team.max_member_access(user.id)
- !pipeline_schedule.owned_by?(@user)
+ if access == Gitlab::Access::DEVELOPER && pipeline_schedule.owner != user
+ cannot! :update_pipeline_schedule
+ end
 end
 end
 end |
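Review bot: In `update` of pipeline_schedules_controller.rb the new `can?(current_user, :update_pipeline_schedule, schedule)` guard is written inline for this one action, so it protects only the write and nothing else that loads the same schedule. If the controller also has an `edit` action (not visible in this hunk), a developer who does not own the schedule would still be shown the form and its current values, and be refused only on submit. Moving the check into a filter keeps the two consistent, e.g. `before_action :authorize_update_pipeline_schedule!, only: [:edit, :update]` with a private method wrapping the same `can?` call. The body of `update` continues past the end of the hunk.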
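Review bot: In `rules` of pipeline_schedule_policy.rb, `max_member_access(user.id)` is called with no nil check, while both removed helpers began with `return false unless @user`. Unless the base policy guarantees a user at this point, evaluating the policy for an anonymous request would raise NoMethodError instead of denying; adding `return unless user` directly after `super` restores the old behaviour. Separately, `access == Gitlab::Access::DEVELOPER` matches only that exact level, so members below developer are refused solely by whatever `super` grants. A short comment stating that assumption would help, e.g. `# roles below developer never receive :update_pipeline_schedule from super`, once that is confirmed.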