Merge branch 'fix-project-hook-delete-permissions' into 'master'

Prevent users from deleting Webhooks via API they do not own Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15576 See merge request !1959 Signed-off-by: Rémy Coutable <remy@rymai.me>
author: Rémy Coutable <remy@gitlab.com> 2016-04-25 12:26:58 +0300
committer: Rémy Coutable <remy@rymai.me> 2016-04-26 12:04:15 +0300
commit: 20cb5a7b3ecffac346498bda13184005103c1285 (patch)
tree: beadbdcc19d1742ee8a3523c2f6b6b4842dca930 /lib
parent: 88e60bbbcb676274fd4a84ca4bc7f70497a09671 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/api/project_hooks.rb b/lib/api/project_hooks.rb
index 882d1a083ad..4b7e4a6b1e3 100644
--- a/lib/api/project_hooks.rb
+++ b/lib/api/project_hooks.rb
@@ -101,10 +101,10 @@ module API
         required_attributes! [:hook_id]
 
         begin
-          @hook = ProjectHook.find(params[:hook_id])
-          @hook.destroy
+          @hook = user_project.hooks.destroy(params[:hook_id])
         rescue
           # ProjectHook can raise Error if hook_id not found
+          not_found!("Error deleting hook #{params[:hook_id]}")
         end
       end
     end
author	Rémy Coutable <remy@gitlab.com>	2016-04-25 12:26:58 +0300
committer	Rémy Coutable <remy@rymai.me>	2016-04-26 12:04:15 +0300
commit	20cb5a7b3ecffac346498bda13184005103c1285 (patch)
tree	beadbdcc19d1742ee8a3523c2f6b6b4842dca930 /lib
parent	88e60bbbcb676274fd4a84ca4bc7f70497a09671 (diff)