diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 15:49:34 +0300 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 15:49:37 +0300 |
commit | cb632a436287af838cfaa50a7fb12e5f10a1908a (patch) | |
tree | f649808105e5985c4a8f8216ec48a732ac47e1f3 /lib | |
parent | 5fc2d1559afd27a701d99c875a6fc804129cb103 (diff) |
Merge branch 'security-11-6-test-permissions' into 'security-11-6'
[11.6] Pipelines section is available to unauthorized users
See merge request gitlab/gitlabhq!2805
(cherry picked from commit 6f6e0e2ba7e8e2afe38e2d57883a8dfda0685d86)
e5c0b597 Backport security fix
181c74a1 Add CHANGELONG entry
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/pipelines.rb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/api/pipelines.rb b/lib/api/pipelines.rb index 7a7b23d2bbb..0317d69edde 100644 --- a/lib/api/pipelines.rb +++ b/lib/api/pipelines.rb @@ -76,7 +76,7 @@ module API requires :pipeline_id, type: Integer, desc: 'The pipeline ID' end get ':id/pipelines/:pipeline_id' do - authorize! :read_pipeline, user_project + authorize! :read_pipeline, pipeline present pipeline, with: Entities::Pipeline end @@ -104,7 +104,7 @@ module API requires :pipeline_id, type: Integer, desc: 'The pipeline ID' end post ':id/pipelines/:pipeline_id/retry' do - authorize! :update_pipeline, user_project + authorize! :update_pipeline, pipeline pipeline.retry_failed(current_user) @@ -119,7 +119,7 @@ module API requires :pipeline_id, type: Integer, desc: 'The pipeline ID' end post ':id/pipelines/:pipeline_id/cancel' do - authorize! :update_pipeline, user_project + authorize! :update_pipeline, pipeline pipeline.cancel_running |