diff options
author | Vladimir Shushlin <vshushlin@gitlab.com> | 2019-02-25 14:43:19 +0300 |
---|---|---|
committer | Kamil TrzciĆski <ayufan@ayufan.eu> | 2019-02-25 14:43:19 +0300 |
commit | ddfdd494f01571604201b9da911d7c169376e77f (patch) | |
tree | 586138ea2b1c4889ce43528820de1b87788e98cd /app | |
parent | c6b9ac860c654ec305c779ac1843e1d2ad096c31 (diff) |
Allow maintainers to remove pages
Move remove_pages permission to maintainer
Fix before_action in pages controller to check `remove_pages`
permission
Add specs
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/pages_controller.rb | 3 | ||||
-rw-r--r-- | app/policies/project_policy.rb | 2 | ||||
-rw-r--r-- | app/views/projects/pages/_destroy.haml | 2 |
3 files changed, 4 insertions, 3 deletions
diff --git a/app/controllers/projects/pages_controller.rb b/app/controllers/projects/pages_controller.rb index d0e35bee986..73e629ab7c3 100644 --- a/app/controllers/projects/pages_controller.rb +++ b/app/controllers/projects/pages_controller.rb @@ -5,7 +5,8 @@ class Projects::PagesController < Projects::ApplicationController before_action :require_pages_enabled! before_action :authorize_read_pages!, only: [:show] - before_action :authorize_update_pages!, except: [:show] + before_action :authorize_update_pages!, except: [:show, :destroy] + before_action :authorize_remove_pages!, only: [:destroy] # rubocop: disable CodeReuse/ActiveRecord def show diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index cadbc5ae009..95dd8b2795e 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -152,7 +152,6 @@ class ProjectPolicy < BasePolicy enable :remove_fork_project enable :destroy_merge_request enable :destroy_issue - enable :remove_pages enable :set_issue_iid enable :set_issue_created_at @@ -271,6 +270,7 @@ class ProjectPolicy < BasePolicy enable :admin_pages enable :read_pages enable :update_pages + enable :remove_pages enable :read_cluster enable :add_cluster enable :create_cluster diff --git a/app/views/projects/pages/_destroy.haml b/app/views/projects/pages/_destroy.haml index ae8c801b705..138e2864bad 100644 --- a/app/views/projects/pages/_destroy.haml +++ b/app/views/projects/pages/_destroy.haml @@ -9,4 +9,4 @@ .form-actions = link_to 'Remove pages', project_pages_path(@project), data: { confirm: 'Are you sure?'}, method: :delete, class: "btn btn-remove" - else - .nothing-here-block Only the project owner can remove pages + .nothing-here-block Only project maintainers can remove pages |