diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-18 13:50:51 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-18 13:50:51 +0300 |
commit | db384e6b19af03b4c3c82a5760d83a3fd79f7982 (patch) | |
tree | 34beaef37df5f47ccbcf5729d7583aae093cffa0 /app/controllers/organizations | |
parent | 54fd7b1bad233e3944434da91d257fa7f63c3996 (diff) |
Add latest changes from gitlab-org/gitlab@16-3-stable-eev16.3.0-rc42
Diffstat (limited to 'app/controllers/organizations')
-rw-r--r-- | app/controllers/organizations/application_controller.rb | 7 | ||||
-rw-r--r-- | app/controllers/organizations/organizations_controller.rb | 2 |
2 files changed, 6 insertions, 3 deletions
diff --git a/app/controllers/organizations/application_controller.rb b/app/controllers/organizations/application_controller.rb index 43cc7014f62..568cfe6399d 100644 --- a/app/controllers/organizations/application_controller.rb +++ b/app/controllers/organizations/application_controller.rb @@ -2,6 +2,7 @@ module Organizations class ApplicationController < ::ApplicationController + skip_before_action :authenticate_user! before_action :organization layout 'organization' @@ -16,8 +17,10 @@ module Organizations strong_memoize_attr :organization def authorize_action!(action) - access_denied! if Feature.disabled?(:ui_for_organizations) - access_denied! unless can?(current_user, action, organization) + return if Feature.enabled?(:ui_for_organizations, current_user) && + can?(current_user, action, organization) + + access_denied! end end end diff --git a/app/controllers/organizations/organizations_controller.rb b/app/controllers/organizations/organizations_controller.rb index 4781ef995b7..650ec97c264 100644 --- a/app/controllers/organizations/organizations_controller.rb +++ b/app/controllers/organizations/organizations_controller.rb @@ -4,7 +4,7 @@ module Organizations class OrganizationsController < ApplicationController feature_category :cell - before_action { authorize_action!(:admin_organization) } + before_action { authorize_action!(:read_organization) } def show; end |