diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-04-20 17:36:54 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-04-20 17:36:54 +0300 |
commit | f61bb2a16a514b71bf33aabbbb999d6732016a24 (patch) | |
tree | 9548caa89e60b4f40b99bbd1dac030420b812aa8 /app/controllers/projects/settings/access_tokens_controller.rb | |
parent | 35fc54e5d261f8898e390aea7c2f5ec5fdf0539d (diff) |
Add latest changes from gitlab-org/gitlab@13-11-stable-eev13.11.0-rc42
Diffstat (limited to 'app/controllers/projects/settings/access_tokens_controller.rb')
-rw-r--r-- | app/controllers/projects/settings/access_tokens_controller.rb | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/app/controllers/projects/settings/access_tokens_controller.rb b/app/controllers/projects/settings/access_tokens_controller.rb index 74350147825..e3bb8c616df 100644 --- a/app/controllers/projects/settings/access_tokens_controller.rb +++ b/app/controllers/projects/settings/access_tokens_controller.rb @@ -5,7 +5,10 @@ module Projects class AccessTokensController < Projects::ApplicationController include ProjectsHelper - before_action :check_feature_availability + layout 'project_settings' + before_action -> { check_permission(:read_resource_access_tokens) }, only: [:index] + before_action -> { check_permission(:destroy_resource_access_tokens) }, only: [:revoke] + before_action -> { check_permission(:create_resource_access_tokens) }, only: [:create] feature_category :authentication_and_authorization @@ -42,8 +45,8 @@ module Projects private - def check_feature_availability - render_404 unless project_access_token_available?(@project) + def check_permission(action) + render_404 unless can?(current_user, action, @project) end def create_params |