From 1b8f52d9206bdf19c0dde04505c4c0b1cf46cfbe Mon Sep 17 00:00:00 2001
From: Lin Jen-Shin <godfat@godfat.org>
Date: Tue, 14 Jun 2016 22:58:38 +0800
Subject: Avoid enabling locked runners. Give 403 in this case

---
 lib/api/runners.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib/api/runners.rb')

diff --git a/lib/api/runners.rb b/lib/api/runners.rb
index 2d09b6193d9..3ae228d61d8 100644
--- a/lib/api/runners.rb
+++ b/lib/api/runners.rb
@@ -163,6 +163,7 @@ module API
 
       def authenticate_enable_runner!(runner)
         forbidden!("Runner is shared") if runner.is_shared?
+        forbidden!("Runner is locked") if runner.locked?
         return if current_user.is_admin?
         forbidden!("No access granted") unless user_can_access_runner?(runner)
       end
-- 
cgit v1.2.1