Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2019-11-30 00:06:13 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2019-11-30 00:06:13 +0300
commit: 839c080dd0976f19c274eee1331c47985490cd41 (patch)
tree: da3af62d5469f80c7555f9e8df11c18049e0334e /app/controllers/snippets_controller.rb
parent: 8263f6ee3131cdea3c6041785c32771a6af0b24f (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 5805d068e21..54774df5e76 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -15,13 +15,9 @@ class SnippetsController < ApplicationController
 
   before_action :snippet, only: [:show, :edit, :destroy, :update, :raw]
 
-  # Allow read snippet
+  before_action :authorize_create_snippet!, only: [:new, :create]
   before_action :authorize_read_snippet!, only: [:show, :raw]
-
-  # Allow modify snippet
   before_action :authorize_update_snippet!, only: [:edit, :update]
-
-  # Allow destroy snippet
   before_action :authorize_admin_snippet!, only: [:destroy]
 
   skip_before_action :authenticate_user!, only: [:index, :show, :raw]
@@ -140,6 +136,10 @@ class SnippetsController < ApplicationController
     return render_404 unless can?(current_user, :admin_personal_snippet, @snippet)
   end
 
+  def authorize_create_snippet!
+    return render_404 unless can?(current_user, :create_personal_snippet)
+  end
+
   def snippet_params
     params.require(:personal_snippet).permit(:title, :content, :file_name, :private, :visibility_level, :description)
   end
author	GitLab Bot <gitlab-bot@gitlab.com>	2019-11-30 00:06:13 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2019-11-30 00:06:13 +0300
commit	839c080dd0976f19c274eee1331c47985490cd41 (patch)
tree	da3af62d5469f80c7555f9e8df11c18049e0334e /app/controllers/snippets_controller.rb
parent	8263f6ee3131cdea3c6041785c32771a6af0b24f (diff)