Skip to content
Snippets Groups Projects
Commit 84aa1f97 authored by Douwe Maan's avatar Douwe Maan
Browse files

Proper authorization for cancel/retry all builds.

parent 5ff3c2de
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app/controllers/projects/commit_controller.rb
+ 9
0
View file @ 84aa1f97
@@ -7,6 +7,7 @@ class Projects::CommitController < Projects::ApplicationController
before_action :authorize_download_code!
before_action :commit
before_action :define_show_vars, only: [:show, :ci]
before_action :authorize_manage_builds!, only: [:cancel_builds, :retry_builds]
 
def show
return git_not_found! unless @commit
@@ -56,6 +57,8 @@ class Projects::CommitController < Projects::ApplicationController
render layout: false
end
 
private
def commit
@commit ||= @project.commit(params[:id])
end
@@ -67,4 +70,10 @@ class Projects::CommitController < Projects::ApplicationController
@ci_commit = project.ci_commit(commit.sha)
@builds = ci_commit.builds if ci_commit
end
def authorize_manage_builds!
unless can?(current_user, :manage_builds, project)
return page_404
end
end
end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment