Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers/import
diff options
context:
space:
mode:
authorJames Lopez <james@jameslopez.es>2016-08-11 17:59:37 +0300
committerJames Lopez <james@jameslopez.es>2016-08-11 17:59:37 +0300
commit30f9596c612abc19dd060fa3a8e8ae3d92001d45 (patch)
tree2d63a2407f4e99a22be8581194d40cebf4535d98 /app/controllers/import
parent34d5426f0e17a9d0a2d2330b472114e7e457ae05 (diff)
Fix permissions check in controller, added relevant spec and updated docs
Diffstat (limited to 'app/controllers/import')
-rw-r--r--app/controllers/import/gitlab_projects_controller.rb5
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/import/gitlab_projects_controller.rb b/app/controllers/import/gitlab_projects_controller.rb
index 3ec173abcdb..7d0eff37635 100644
--- a/app/controllers/import/gitlab_projects_controller.rb
+++ b/app/controllers/import/gitlab_projects_controller.rb
@@ -1,5 +1,6 @@
class Import::GitlabProjectsController < Import::BaseController
before_action :verify_gitlab_project_import_enabled
+ before_action :authenticate_admin!
def new
@namespace_id = project_params[:namespace_id]
@@ -47,4 +48,8 @@ class Import::GitlabProjectsController < Import::BaseController
:path, :namespace_id, :file
)
end
+
+ def authenticate_admin!
+ render_404 unless current_user.is_admin?
+ end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-19 01:48:36 +0300