diff options
Diffstat (limited to 'lib/api/deploy_keys.rb')
-rw-r--r-- | lib/api/deploy_keys.rb | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/lib/api/deploy_keys.rb b/lib/api/deploy_keys.rb index df6d2721977..e86bcc19b2b 100644 --- a/lib/api/deploy_keys.rb +++ b/lib/api/deploy_keys.rb @@ -115,14 +115,20 @@ module API put ":id/deploy_keys/:key_id" do deploy_keys_project = find_by_deploy_key(user_project, params[:key_id]) - authorize!(:update_deploy_key, deploy_keys_project.deploy_key) + if !can?(current_user, :update_deploy_key, deploy_keys_project.deploy_key) && + !can?(current_user, :update_deploy_keys_project, deploy_keys_project) + forbidden!(nil) + end + + update_params = {} + update_params[:can_push] = params[:can_push] if params.key?(:can_push) + update_params[:deploy_key_attributes] = { id: params[:key_id] } - can_push = params[:can_push].nil? ? deploy_keys_project.can_push : params[:can_push] - title = params[:title] || deploy_keys_project.deploy_key.title + if can?(current_user, :update_deploy_key, deploy_keys_project.deploy_key) + update_params[:deploy_key_attributes][:title] = params[:title] if params.key?(:title) + end - result = deploy_keys_project.update(can_push: can_push, - deploy_key_attributes: { id: params[:key_id], - title: title }) + result = deploy_keys_project.update(update_params) if result present deploy_keys_project, with: Entities::DeployKeysProject |