diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-30 00:06:13 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-30 00:06:13 +0300 |
commit | 839c080dd0976f19c274eee1331c47985490cd41 (patch) | |
tree | da3af62d5469f80c7555f9e8df11c18049e0334e /app/controllers/snippets_controller.rb | |
parent | 8263f6ee3131cdea3c6041785c32771a6af0b24f (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers/snippets_controller.rb')
-rw-r--r-- | app/controllers/snippets_controller.rb | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb index 5805d068e21..54774df5e76 100644 --- a/app/controllers/snippets_controller.rb +++ b/app/controllers/snippets_controller.rb @@ -15,13 +15,9 @@ class SnippetsController < ApplicationController before_action :snippet, only: [:show, :edit, :destroy, :update, :raw] - # Allow read snippet + before_action :authorize_create_snippet!, only: [:new, :create] before_action :authorize_read_snippet!, only: [:show, :raw] - - # Allow modify snippet before_action :authorize_update_snippet!, only: [:edit, :update] - - # Allow destroy snippet before_action :authorize_admin_snippet!, only: [:destroy] skip_before_action :authenticate_user!, only: [:index, :show, :raw] @@ -140,6 +136,10 @@ class SnippetsController < ApplicationController return render_404 unless can?(current_user, :admin_personal_snippet, @snippet) end + def authorize_create_snippet! + return render_404 unless can?(current_user, :create_personal_snippet) + end + def snippet_params params.require(:personal_snippet).permit(:title, :content, :file_name, :private, :visibility_level, :description) end |