Do not expose trigger token when user should not see it

author: Grzegorz Bizon <grzesiek.bizon@gmail.com> 2018-12-19 16:15:58 +0300
committer: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-31 18:51:17 +0300
commit: 084b7edb17d25a3d43526cca560569dd82c5c09d (patch)
tree: eff6234322aec4cb438d4751bb7adb1c19cfd5cc /app/presenters
parent: 9f67b886b2cf425329a4dc792e6c41cf571ab102 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/app/presenters/ci/trigger_presenter.rb b/app/presenters/ci/trigger_presenter.rb
new file mode 100644
index 00000000000..605c8f328a4
--- /dev/null
+++ b/app/presenters/ci/trigger_presenter.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Ci
+  class TriggerPresenter < Gitlab::View::Presenter::Delegated
+    presents :trigger
+
+    def has_token_exposed?
+      can?(current_user, :admin_trigger, trigger)
+    end
+
+    def token
+      if has_token_exposed?
+        trigger.token
+      else
+        trigger.short_token
+      end
+    end
+  end
+end
author	Grzegorz Bizon <grzesiek.bizon@gmail.com>	2018-12-19 16:15:58 +0300
committer	Yorick Peterse <yorickpeterse@gmail.com>	2019-01-31 18:51:17 +0300
commit	084b7edb17d25a3d43526cca560569dd82c5c09d (patch)
tree	eff6234322aec4cb438d4751bb7adb1c19cfd5cc /app/presenters
parent	9f67b886b2cf425329a4dc792e6c41cf571ab102 (diff)