Controller logic. Delete before modification. Halfway.

1 files changed, 4 insertions, 8 deletions

diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb
index f0ac0e7098c..fdbf930a5ef 100644
--- a/app/controllers/projects/pipeline_schedules_controller.rb
+++ b/app/controllers/projects/pipeline_schedules_controller.rb
@@ -1,11 +1,11 @@
 class Projects::PipelineSchedulesController < Projects::ApplicationController
-  before_action :schedule, except: [:index, :new, :create]
-
   before_action :authorize_read_pipeline_schedule!
   before_action :authorize_create_pipeline_schedule!, only: [:new, :create]
-  before_action :authorize_update_pipeline_schedule!, except: [:index, :new, :create]
+  before_action :authorize_update_pipeline_schedule!, only: [:edit, :take_ownership, :update]
   before_action :authorize_admin_pipeline_schedule!, only: [:destroy]
 
+  before_action :schedule, only: [:edit, :update, :destroy, :take_ownership]
+
   def index
     @scope = params[:scope]
     @all_schedules = PipelineSchedulesFinder.new(@project).execute
@@ -67,10 +67,6 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
   def schedule_params
     params.require(:schedule)
       .permit(:description, :cron, :cron_timezone, :ref, :active,
-        variables_attributes: [:id, :key, :value, :_destroy] )
-  end
-
-  def authorize_update_pipeline_schedule!
-    return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule)
+        variables_attributes: [:key, :value] )
   end
 end