From 0189ee97ed34b74cf0f500d678d4435b17ab6a85 Mon Sep 17 00:00:00 2001
From: randx <dmitriy.zaporozhets@gmail.com>
Date: Sun, 21 Oct 2012 12:12:14 +0300
Subject: Security for online editor. Replace dev_access?, master_access? with
 can? method usage

---
 app/helpers/tree_helper.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'app/helpers/tree_helper.rb')

diff --git a/app/helpers/tree_helper.rb b/app/helpers/tree_helper.rb
index c681dc607a0..4fe87a25554 100644
--- a/app/helpers/tree_helper.rb
+++ b/app/helpers/tree_helper.rb
@@ -59,4 +59,12 @@ module TreeHelper
   def tree_join(*args)
     File.join(*args)
   end
+
+  def allowed_tree_edit?
+    if @project.protected_branch? @ref
+      can?(current_user, :push_code_to_protected_branches, @project)
+    else
+      can?(current_user, :push_code, @project)
+    end
+  end
 end
-- 
cgit v1.2.1