diff options
author | Kamil Trzciński <ayufan@ayufan.eu> | 2017-05-06 20:17:02 +0300 |
---|---|---|
committer | Kamil Trzciński <ayufan@ayufan.eu> | 2017-05-06 20:17:02 +0300 |
commit | 6ad3814e1b31bfacfae7a2aabb4e4607b12ca66f (patch) | |
tree | b6024ca475dea081d9f38e4b14a2709d17af3a50 /app/controllers/projects/application_controller.rb | |
parent | 2e6201b13197d03eafecd18d967ba7d55f664e19 (diff) | |
parent | fc121cca5ba87abd24afbc8da2f76e14e386e4c8 (diff) |
Merge branch 'feature/gb/manual-actions-protected-branches-permissions' into 'master'
Check access to a branch when user triggers manual action
Closes #20261
See merge request !10494
Diffstat (limited to 'app/controllers/projects/application_controller.rb')
-rw-r--r-- | app/controllers/projects/application_controller.rb | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/app/controllers/projects/application_controller.rb b/app/controllers/projects/application_controller.rb index b4b0dfc3eb8..12e4a6999ae 100644 --- a/app/controllers/projects/application_controller.rb +++ b/app/controllers/projects/application_controller.rb @@ -40,13 +40,15 @@ class Projects::ApplicationController < ApplicationController (current_user && current_user.already_forked?(project)) end - def authorize_project!(action) - return access_denied! unless can?(current_user, action, project) + def authorize_action!(action) + unless can?(current_user, action, project) + return access_denied! + end end def method_missing(method_sym, *arguments, &block) if method_sym.to_s =~ /\Aauthorize_(.*)!\z/ - authorize_project!($1.to_sym) + authorize_action!($1.to_sym) else super end |