diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-03 00:07:38 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-03 00:07:38 +0300 |
commit | 9d54184f308893338967b18874dedebf38acf89e (patch) | |
tree | 100e32c6d4b34deac52d9e98a083361d89804b50 /app/controllers/projects/releases_controller.rb | |
parent | d5b5f5e6e1474d5526add9033c9754b8e395841f (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers/projects/releases_controller.rb')
-rw-r--r-- | app/controllers/projects/releases_controller.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/projects/releases_controller.rb b/app/controllers/projects/releases_controller.rb index ffe69fe97e4..d6030a9e455 100644 --- a/app/controllers/projects/releases_controller.rb +++ b/app/controllers/projects/releases_controller.rb @@ -10,7 +10,7 @@ class Projects::ReleasesController < Projects::ApplicationController push_frontend_feature_flag(:release_evidence_collection, project) end before_action :authorize_update_release!, only: %i[edit update] - before_action :authorize_download_code!, only: [:evidence] + before_action :authorize_read_release_evidence!, only: [:evidence] def index respond_to do |format| @@ -47,6 +47,11 @@ class Projects::ReleasesController < Projects::ApplicationController access_denied! unless can?(current_user, :update_release, release) end + def authorize_read_release_evidence! + access_denied! unless Feature.enabled?(:release_evidence, project, default_enabled: true) + access_denied! unless can?(current_user, :read_release_evidence, release) + end + def release @release ||= project.releases.find_by_tag!(sanitized_tag_name) end |