Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers/projects/group_links_controller.rb
diff options
context:
space:
mode:
authorPhil Hughes <me@iamphill.com>2016-09-02 11:28:25 +0300
committerPhil Hughes <me@iamphill.com>2016-09-13 10:44:59 +0300
commitb3d75ac5135130522f253d4b09f72a7c0a8e2f80 (patch)
tree506fc31ec850b51eaf7ac389736539607bbd065e /app/controllers/projects/group_links_controller.rb
parente477ad44565dbe69e3f0200f4f4f7bebbd48cb15 (diff)
Return 403 if user can't update group
Diffstat (limited to 'app/controllers/projects/group_links_controller.rb')
-rw-r--r--app/controllers/projects/group_links_controller.rb1
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/projects/group_links_controller.rb b/app/controllers/projects/group_links_controller.rb
index 57c54bf625a..b5e314dced3 100644
--- a/app/controllers/projects/group_links_controller.rb
+++ b/app/controllers/projects/group_links_controller.rb
@@ -21,6 +21,7 @@ class Projects::GroupLinksController < Projects::ApplicationController
def update
@group_link = @project.project_group_links.find(params[:id])
+ return render_403 unless can?(current_user, action_member_permission(:admin, @group_link.group), @group_link.group)
@group_link.update_attributes(group_link_params)
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-10 00:50:17 +0300