Add latest changes from gitlab-org/gitlab@13-11-stable-eev13.11.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-04-20 17:36:54 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-04-20 17:36:54 +0300
commit: f61bb2a16a514b71bf33aabbbb999d6732016a24 (patch)
tree: 9548caa89e60b4f40b99bbd1dac030420b812aa8 /app/controllers/projects/settings/access_tokens_controller.rb
parent: 35fc54e5d261f8898e390aea7c2f5ec5fdf0539d (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/app/controllers/projects/settings/access_tokens_controller.rb b/app/controllers/projects/settings/access_tokens_controller.rb
index 74350147825..e3bb8c616df 100644
--- a/app/controllers/projects/settings/access_tokens_controller.rb
+++ b/app/controllers/projects/settings/access_tokens_controller.rb
@@ -5,7 +5,10 @@ module Projects
     class AccessTokensController < Projects::ApplicationController
       include ProjectsHelper
 
-      before_action :check_feature_availability
+      layout 'project_settings'
+      before_action -> { check_permission(:read_resource_access_tokens) }, only: [:index]
+      before_action -> { check_permission(:destroy_resource_access_tokens) }, only: [:revoke]
+      before_action -> { check_permission(:create_resource_access_tokens) }, only: [:create]
 
       feature_category :authentication_and_authorization
 
@@ -42,8 +45,8 @@ module Projects
 
       private
 
-      def check_feature_availability
-        render_404 unless project_access_token_available?(@project)
+      def check_permission(action)
+        render_404 unless can?(current_user, action, @project)
       end
 
       def create_params
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-04-20 17:36:54 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-04-20 17:36:54 +0300
commit	f61bb2a16a514b71bf33aabbbb999d6732016a24 (patch)
tree	9548caa89e60b4f40b99bbd1dac030420b812aa8 /app/controllers/projects/settings/access_tokens_controller.rb
parent	35fc54e5d261f8898e390aea7c2f5ec5fdf0539d (diff)