From c491d86473c55a58811e22ab73e02a22ba216e84 Mon Sep 17 00:00:00 2001
From: Peter Leitzen <pl@neopoly.de>
Date: Mon, 23 Jul 2018 22:37:23 +0200
Subject: Hide `/tag` quick action from non-authorised users

---
 app/services/quick_actions/interpret_service.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/services/quick_actions/interpret_service.rb b/app/services/quick_actions/interpret_service.rb
index f8dccfa465d..09f39523c35 100644
--- a/app/services/quick_actions/interpret_service.rb
+++ b/app/services/quick_actions/interpret_service.rb
@@ -592,8 +592,7 @@ module QuickActions
       tag_name_and_message.split(' ', 2)
     end
     condition do
-      issuable.is_a?(Commit)
-      # TODO authorize
+      issuable.is_a?(Commit) && current_user.can?(:push_code, project)
     end
     command :tag do |(tag_name, message)|
       @updates[:tag_name] = tag_name
-- 
cgit v1.2.1