developers can cancel and retry jobdevelopers_can_cancel_job

2 files changed, 8 insertions, 1 deletions

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0c8180e..c412a45 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -48,6 +48,12 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def authorize_project_developer!
+    unless current_user.has_developer_access?(@project.gitlab_id)
+      return page_404
+    end
+  end
+
   def authorize_manage_project!
     unless current_user.can_manage_project?(@project.gitlab_id)
       return page_404
diff --git a/app/controllers/builds_controller.rb b/app/controllers/builds_controller.rb
index bb485c0..a1cb017 100644
--- a/app/controllers/builds_controller.rb
+++ b/app/controllers/builds_controller.rb
@@ -2,7 +2,8 @@ class BuildsController < ApplicationController
   before_filter :authenticate_user!, except: [:status]
   before_filter :project
   before_filter :authorize_access_project!, except: [:status]
-  before_filter :authorize_manage_project!, except: [:status, :show]
+  before_filter :authorize_manage_project!, except: [:status, :show, :retry, :cancel]
+  before_filter :authorize_project_developer!, only: [:retry, :cancel]
   before_filter :build, except: [:show]
 
   def show