diff options
Diffstat (limited to 'app/controllers/groups/settings/repository_controller.rb')
-rw-r--r-- | app/controllers/groups/settings/repository_controller.rb | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/app/controllers/groups/settings/repository_controller.rb b/app/controllers/groups/settings/repository_controller.rb index b0431c31179..cb62ea2a543 100644 --- a/app/controllers/groups/settings/repository_controller.rb +++ b/app/controllers/groups/settings/repository_controller.rb @@ -5,8 +5,9 @@ module Groups class RepositoryController < Groups::ApplicationController layout 'group_settings' skip_cross_project_access_check :show - before_action :authorize_create_deploy_token! - before_action :define_deploy_token_variables + before_action :authorize_create_deploy_token!, only: :create_deploy_token + before_action :authorize_access!, only: :show + before_action :define_deploy_token_variables, if: -> { can?(current_user, :create_deploy_token, @group) } before_action do push_frontend_feature_flag(:ajax_new_deploy_token, @group) end @@ -16,13 +17,13 @@ module Groups def create_deploy_token result = Groups::DeployTokens::CreateService.new(@group, current_user, deploy_token_params).execute - @new_deploy_token = result[:deploy_token] if result[:status] == :success + @created_deploy_token = result[:deploy_token] respond_to do |format| format.json do # IMPORTANT: It's a security risk to expose the token value more than just once here! - json = API::Entities::DeployTokenWithToken.represent(@new_deploy_token).as_json + json = API::Entities::DeployTokenWithToken.represent(@created_deploy_token).as_json render json: json, status: result[:http_status] end format.html do @@ -31,6 +32,7 @@ module Groups end end else + @new_deploy_token = result[:deploy_token] respond_to do |format| format.json { render json: { message: result[:message] }, status: result[:http_status] } format.html do @@ -43,6 +45,10 @@ module Groups private + def authorize_access! + authorize_admin_group! + end + def define_deploy_token_variables @deploy_tokens = @group.deploy_tokens.active @@ -55,3 +61,5 @@ module Groups end end end + +Groups::Settings::RepositoryController.prepend_mod |