Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
d63371ad
Commit
d63371ad
authored
Jun 26, 2015
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update controller filters
Signed-off-by:
Dmitriy Zaporozhets
<
dmitriy.zaporozhets@gmail.com
>
parent
342d5537
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
13 additions
and
13 deletions
+13
-13
app/controllers/projects/issues_controller.rb
app/controllers/projects/issues_controller.rb
+3
-3
app/controllers/projects/merge_requests_controller.rb
app/controllers/projects/merge_requests_controller.rb
+3
-3
app/controllers/projects/notes_controller.rb
app/controllers/projects/notes_controller.rb
+1
-1
app/controllers/projects/snippets_controller.rb
app/controllers/projects/snippets_controller.rb
+3
-3
app/controllers/projects/wikis_controller.rb
app/controllers/projects/wikis_controller.rb
+1
-1
app/controllers/snippets_controller.rb
app/controllers/snippets_controller.rb
+2
-2
No files found.
app/controllers/projects/issues_controller.rb
View file @
d63371ad
...
@@ -6,10 +6,10 @@ class Projects::IssuesController < Projects::ApplicationController
...
@@ -6,10 +6,10 @@ class Projects::IssuesController < Projects::ApplicationController
before_action
:authorize_read_issue!
before_action
:authorize_read_issue!
# Allow write(create) issue
# Allow write(create) issue
before_action
:authorize_
wri
te_issue!
,
only:
[
:new
,
:create
]
before_action
:authorize_
crea
te_issue!
,
only:
[
:new
,
:create
]
# Allow modify issue
# Allow modify issue
before_action
:authorize_
modify
_issue!
,
only:
[
:edit
,
:update
]
before_action
:authorize_
update
_issue!
,
only:
[
:edit
,
:update
]
# Allow issues bulk update
# Allow issues bulk update
before_action
:authorize_admin_issues!
,
only:
[
:bulk_update
]
before_action
:authorize_admin_issues!
,
only:
[
:bulk_update
]
...
@@ -122,7 +122,7 @@ class Projects::IssuesController < Projects::ApplicationController
...
@@ -122,7 +122,7 @@ class Projects::IssuesController < Projects::ApplicationController
end
end
end
end
def
authorize_
modify
_issue!
def
authorize_
update
_issue!
return
render_404
unless
can?
(
current_user
,
:update_issue
,
@issue
)
return
render_404
unless
can?
(
current_user
,
:update_issue
,
@issue
)
end
end
...
...
app/controllers/projects/merge_requests_controller.rb
View file @
d63371ad
...
@@ -14,10 +14,10 @@ class Projects::MergeRequestsController < Projects::ApplicationController
...
@@ -14,10 +14,10 @@ class Projects::MergeRequestsController < Projects::ApplicationController
before_action
:authorize_read_merge_request!
before_action
:authorize_read_merge_request!
# Allow write(create) merge_request
# Allow write(create) merge_request
before_action
:authorize_
wri
te_merge_request!
,
only:
[
:new
,
:create
]
before_action
:authorize_
crea
te_merge_request!
,
only:
[
:new
,
:create
]
# Allow modify merge_request
# Allow modify merge_request
before_action
:authorize_
modify
_merge_request!
,
only:
[
:close
,
:edit
,
:update
,
:sort
]
before_action
:authorize_
update
_merge_request!
,
only:
[
:close
,
:edit
,
:update
,
:sort
]
def
index
def
index
terms
=
params
[
'issue_search'
]
terms
=
params
[
'issue_search'
]
...
@@ -218,7 +218,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
...
@@ -218,7 +218,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
@closes_issues
||=
@merge_request
.
closes_issues
@closes_issues
||=
@merge_request
.
closes_issues
end
end
def
authorize_
modify
_merge_request!
def
authorize_
update
_merge_request!
return
render_404
unless
can?
(
current_user
,
:update_merge_request
,
@merge_request
)
return
render_404
unless
can?
(
current_user
,
:update_merge_request
,
@merge_request
)
end
end
...
...
app/controllers/projects/notes_controller.rb
View file @
d63371ad
class
Projects::NotesController
<
Projects
::
ApplicationController
class
Projects::NotesController
<
Projects
::
ApplicationController
# Authorize
# Authorize
before_action
:authorize_read_note!
before_action
:authorize_read_note!
before_action
:authorize_
wri
te_note!
,
only:
[
:create
]
before_action
:authorize_
crea
te_note!
,
only:
[
:create
]
before_action
:authorize_admin_note!
,
only:
[
:update
,
:destroy
]
before_action
:authorize_admin_note!
,
only:
[
:update
,
:destroy
]
before_action
:find_current_user_notes
,
except:
[
:destroy
,
:delete_attachment
]
before_action
:find_current_user_notes
,
except:
[
:destroy
,
:delete_attachment
]
...
...
app/controllers/projects/snippets_controller.rb
View file @
d63371ad
...
@@ -6,10 +6,10 @@ class Projects::SnippetsController < Projects::ApplicationController
...
@@ -6,10 +6,10 @@ class Projects::SnippetsController < Projects::ApplicationController
before_action
:authorize_read_project_snippet!
before_action
:authorize_read_project_snippet!
# Allow write(create) snippet
# Allow write(create) snippet
before_action
:authorize_
wri
te_project_snippet!
,
only:
[
:new
,
:create
]
before_action
:authorize_
crea
te_project_snippet!
,
only:
[
:new
,
:create
]
# Allow modify snippet
# Allow modify snippet
before_action
:authorize_
modify
_project_snippet!
,
only:
[
:edit
,
:update
]
before_action
:authorize_
update
_project_snippet!
,
only:
[
:edit
,
:update
]
# Allow destroy snippet
# Allow destroy snippet
before_action
:authorize_admin_project_snippet!
,
only:
[
:destroy
]
before_action
:authorize_admin_project_snippet!
,
only:
[
:destroy
]
...
@@ -75,7 +75,7 @@ class Projects::SnippetsController < Projects::ApplicationController
...
@@ -75,7 +75,7 @@ class Projects::SnippetsController < Projects::ApplicationController
@snippet
||=
@project
.
snippets
.
find
(
params
[
:id
])
@snippet
||=
@project
.
snippets
.
find
(
params
[
:id
])
end
end
def
authorize_
modify
_project_snippet!
def
authorize_
update
_project_snippet!
return
render_404
unless
can?
(
current_user
,
:update_project_snippet
,
@snippet
)
return
render_404
unless
can?
(
current_user
,
:update_project_snippet
,
@snippet
)
end
end
...
...
app/controllers/projects/wikis_controller.rb
View file @
d63371ad
...
@@ -2,7 +2,7 @@ require 'project_wiki'
...
@@ -2,7 +2,7 @@ require 'project_wiki'
class
Projects::WikisController
<
Projects
::
ApplicationController
class
Projects::WikisController
<
Projects
::
ApplicationController
before_action
:authorize_read_wiki!
before_action
:authorize_read_wiki!
before_action
:authorize_
wri
te_wiki!
,
only:
[
:edit
,
:create
,
:history
]
before_action
:authorize_
crea
te_wiki!
,
only:
[
:edit
,
:create
,
:history
]
before_action
:authorize_admin_wiki!
,
only: :destroy
before_action
:authorize_admin_wiki!
,
only: :destroy
before_action
:load_project_wiki
before_action
:load_project_wiki
include
WikiHelper
include
WikiHelper
...
...
app/controllers/snippets_controller.rb
View file @
d63371ad
...
@@ -2,7 +2,7 @@ class SnippetsController < ApplicationController
...
@@ -2,7 +2,7 @@ class SnippetsController < ApplicationController
before_action
:snippet
,
only:
[
:show
,
:edit
,
:destroy
,
:update
,
:raw
]
before_action
:snippet
,
only:
[
:show
,
:edit
,
:destroy
,
:update
,
:raw
]
# Allow modify snippet
# Allow modify snippet
before_action
:authorize_
modify
_snippet!
,
only:
[
:edit
,
:update
]
before_action
:authorize_
update
_snippet!
,
only:
[
:edit
,
:update
]
# Allow destroy snippet
# Allow destroy snippet
before_action
:authorize_admin_snippet!
,
only:
[
:destroy
]
before_action
:authorize_admin_snippet!
,
only:
[
:destroy
]
...
@@ -87,7 +87,7 @@ class SnippetsController < ApplicationController
...
@@ -87,7 +87,7 @@ class SnippetsController < ApplicationController
end
end
end
end
def
authorize_
modify
_snippet!
def
authorize_
update
_snippet!
return
render_404
unless
can?
(
current_user
,
:update_personal_snippet
,
@snippet
)
return
render_404
unless
can?
(
current_user
,
:update_personal_snippet
,
@snippet
)
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment