diff options
author | Valery Sizov <vsv2711@gmail.com> | 2015-04-17 21:18:49 +0300 |
---|---|---|
committer | Valery Sizov <vsv2711@gmail.com> | 2015-04-17 21:18:49 +0300 |
commit | 4ebdcef3a1f1d140f8c6c5b02e22f3a13df2502e (patch) | |
tree | cddaaefe38060b749627bcee42117fa02d84bfaf /lib | |
parent | f73c162835c11a357baf59430fddceb02e22259b (diff) | |
download | gitlab-ci-4ebdcef3a1f1d140f8c6c5b02e22f3a13df2502e.tar.gz |
only who has manage access can manage project
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/projects.rb | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/api/projects.rb b/lib/api/projects.rb index c60d619..ea10a82 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -38,7 +38,7 @@ module API project = Project.find(params[:id]) not_found! if project.blank? - unauthorized! unless current_user.can_access_project?(project.gitlab_id) + unauthorized! unless current_user.can_manage_project?(project.gitlab_id) project.jobs end @@ -61,7 +61,7 @@ module API project = Project.find(params[:id]) not_found! if project.blank? - unauthorized! unless current_user.can_access_project?(project.gitlab_id) + unauthorized! unless current_user.can_manage_project?(project.gitlab_id) job_params = { @@ -97,7 +97,7 @@ module API job = project.jobs.find(params[:job_id]) not_found! if project.blank? || job.blank? - unauthorized! unless current_user.can_access_project?(project.gitlab_id) + unauthorized! unless current_user.can_manage_project?(project.gitlab_id) job.destroy end @@ -193,7 +193,7 @@ module API put ":id" do project = Project.find(params[:id]) - if project.present? && current_user.can_access_project?(project.gitlab_id) + if project.present? && current_user.can_manage_project?(project.gitlab_id) attrs = attributes_for_keys [:name, :gitlab_id, :gitlab_url, :default_ref, :ssh_url_to_repo] if project.update_attributes(attrs) @@ -216,7 +216,7 @@ module API delete ":id" do project = Project.find(params[:id]) - if project.present? && current_user.can_access_project?(project.gitlab_id) + if project.present? && current_user.can_manage_project?(project.gitlab_id) project.destroy else not_found! |