diff options
author | John Jarvis <jarv@gitlab.com> | 2019-01-02 00:52:05 +0300 |
---|---|---|
committer | John Jarvis <jarv@gitlab.com> | 2019-01-02 00:52:05 +0300 |
commit | 638582e00108995804d44b451197fe977fbd0f01 (patch) | |
tree | a903f7736fde5e807cf6df64f024e686ee16b22f /lib | |
parent | 895355724586574634f0ffdde7a70ca53a19be17 (diff) | |
parent | ec4ade500e5eb7060b4b79f6bed2f474ce03a851 (diff) |
Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/jobs.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb index 80a5cbd6b19..45c694b6448 100644 --- a/lib/api/jobs.rb +++ b/lib/api/jobs.rb @@ -38,6 +38,8 @@ module API end # rubocop: disable CodeReuse/ActiveRecord get ':id/jobs' do + authorize_read_builds! + builds = user_project.builds.order('id DESC') builds = filter_builds(builds, params[:scope]) @@ -56,7 +58,10 @@ module API end # rubocop: disable CodeReuse/ActiveRecord get ':id/pipelines/:pipeline_id/jobs' do + authorize!(:read_pipeline, user_project) pipeline = user_project.ci_pipelines.find(params[:pipeline_id]) + authorize!(:read_build, pipeline) + builds = pipeline.builds builds = filter_builds(builds, params[:scope]) builds = builds.preload(:job_artifacts_archive, :job_artifacts, project: [:namespace]) |