diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-09-07 09:11:01 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-09-07 09:11:01 +0300 |
commit | 4bcd95583079cb769cfe8fa5350cbf3864f15f99 (patch) | |
tree | 06d948026cb8723ee2f895f9485e1c533f60f552 /lib/api/helpers.rb | |
parent | b34fdc03bd8a2242aa422f3319937b0e0864ced2 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r-- | lib/api/helpers.rb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index edfb1880dc3..4dcca4bdbf9 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -184,6 +184,30 @@ module API end # rubocop: disable CodeReuse/ActiveRecord + def find_pipeline(id) + return unless id + + if id.to_s =~ INTEGER_ID_REGEX + ::Ci::Pipeline.find_by(id: id) + end + end + # rubocop: enable CodeReuse/ActiveRecord + + def find_pipeline!(id) + pipeline = find_pipeline(id) + check_pipeline_access(pipeline) + end + + def check_pipeline_access(pipeline) + return forbidden! unless authorized_project_scope?(pipeline&.project) + + return pipeline if can?(current_user, :read_pipeline, pipeline) + return unauthorized! if authenticate_non_public? + + not_found!('Pipeline') + end + + # rubocop: disable CodeReuse/ActiveRecord def find_group(id) if id.to_s =~ INTEGER_ID_REGEX Group.find_by(id: id) |