diff options
author | Filipa Lacerda <filipa@gitlab.com> | 2018-07-13 17:48:15 +0300 |
---|---|---|
committer | Filipa Lacerda <filipa@gitlab.com> | 2018-07-13 17:48:15 +0300 |
commit | 6717643c30541a95eeb99202861c43eca7ffd9b4 (patch) | |
tree | 87d86e5d76dd4a0f3d2e00ee9bf8aa17f052674e /lib | |
parent | 16b867d8ce6246ad849642d9f3a5cc505b312a5a (diff) | |
parent | 9b9cbb4a1a046d4aa04af94373216fa8fdba79db (diff) |
Merge branch 'ide-merge-requests-forks' into 'master'
Allow merge requests from forks to be opened in Web IDE
Closes #47460
See merge request gitlab-org/gitlab-ce!20521
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/commits.rb | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/lib/api/commits.rb b/lib/api/commits.rb index 964780cba6a..92329465b2c 100644 --- a/lib/api/commits.rb +++ b/lib/api/commits.rb @@ -6,6 +6,18 @@ module API before { authorize! :download_code, user_project } + helpers do + def user_access + @user_access ||= Gitlab::UserAccess.new(current_user, project: user_project) + end + + def authorize_push_to_branch!(branch) + unless user_access.can_push_to_branch?(branch) + forbidden!("You are not allowed to push into this branch") + end + end + end + params do requires :id, type: String, desc: 'The ID of a project' end @@ -67,7 +79,7 @@ module API optional :author_name, type: String, desc: 'Author name for commit' end post ':id/repository/commits' do - authorize! :push_code, user_project + authorize_push_to_branch!(params[:branch]) attrs = declared_params attrs[:branch_name] = attrs.delete(:branch) @@ -142,7 +154,7 @@ module API requires :branch, type: String, desc: 'The name of the branch' end post ':id/repository/commits/:sha/cherry_pick', requirements: API::COMMIT_ENDPOINT_REQUIREMENTS do - authorize! :push_code, user_project + authorize_push_to_branch!(params[:branch]) commit = user_project.commit(params[:sha]) not_found!('Commit') unless commit |