diff options
| author | John Jarvis <jarv@gitlab.com> | 2019-01-01 23:38:07 +0300 |
|---|---|---|
| committer | John Jarvis <jarv@gitlab.com> | 2019-01-01 23:38:07 +0300 |
| commit | 082a65670290cd4d6064ecc0fe1a3a947bf39d8e (patch) | |
| tree | 35343007575cf60ced6766e367769a04542d0328 /app | |
| parent | 5d550fa5a2d780fecef328525d16b3288606696f (diff) | |
| parent | e264677bf1799f52c23cd602aaafad4fb53b36ba (diff) | |
Merge branch 'security-master-group-cicd-settings-accessible-to-maintainer' into 'master'
[master] Group Ex-Maintainer Could maintain Access to Project's Source Code/Jobs/Pipelines/Artifacts if it had Shared Group Runner Configured
See merge request gitlab/gitlabhq!2721
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/groups/settings/ci_cd_controller.rb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/app/controllers/groups/settings/ci_cd_controller.rb b/app/controllers/groups/settings/ci_cd_controller.rb index c1dcc463de7..f476f428fdb 100644 --- a/app/controllers/groups/settings/ci_cd_controller.rb +++ b/app/controllers/groups/settings/ci_cd_controller.rb @@ -4,7 +4,7 @@ module Groups module Settings class CiCdController < Groups::ApplicationController skip_cross_project_access_check :show - before_action :authorize_admin_pipeline! + before_action :authorize_admin_group! def show define_ci_variables @@ -26,8 +26,8 @@ module Groups .map { |variable| variable.present(current_user: current_user) } end - def authorize_admin_pipeline! - return render_404 unless can?(current_user, :admin_pipeline, group) + def authorize_admin_group! + return render_404 unless can?(current_user, :admin_group, group) end end end |