gitlab.com/gitlab-org/gitlab-foss.git
author Sean McGivern <sean@gitlab.com> 2019-05-02 13:13:42 +0300
committer Sean McGivern <sean@gitlab.com> 2019-05-02 13:13:42 +0300
commit c1892f6c9000cacafae4f6c8992ba6c1128c8c95
tree 237c2955a1514b9be6b8b09c4bdb16323573641a /app/controllers
parent acb55198b4a05a0b4ac2662bf68cfeb3d744ca01
Remove the `comment_personal_snippet` permission
This is now entirely handled by `create_note`:

1. Project snippets prevent `create_note`.
2. Uploads already only support routing for personal snippets.

This simplifies some policies and access checks, too!
Diffstat (limited to 'app/controllers')
-rw-r--r-- app/controllers/uploads_controller.rb 5
1 files changed, 3 insertions, 2 deletions
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index 568c6e2a852..060b09f015c 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -56,8 +56,9 @@ class UploadsController < ApplicationController
def authorize_create_access!
return unless model
- # for now we support only personal snippets comments
- authorized = can?(current_user, :comment_personal_snippet, model)
+ # for now we support only personal snippets comments. Only personal_snippet
+ # is allowed as a model to #create through routing.
+ authorized = can?(current_user, :create_note, model)
render_unauthorized unless authorized
end
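Review bot: In `authorize_create_access!`, the new check `can?(current_user, :create_note, model)` is not specific to personal snippets, so the restriction to that model type now depends entirely on routing, which the added comment states but nothing in this method enforces. If a route to `#create` is later added for another model, any user with `create_note` on it would pass this check without anyone revisiting the controller. Consider an explicit guard here that `model` is a personal snippet, or at least a controller spec asserting that `#create` is rejected for every other model type, so the assumption in the comment is tested rather than documented. Separately, the unchanged `return unless model` line skips the authorization check altogether when `model` is nil; it is worth confirming in the description or a spec that this path cannot reach the upload itself.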