Diffstat (limited to 'app/controllers/projects/settings/access_tokens_controller.rb')
-rw-r--r-- | app/controllers/projects/settings/access_tokens_controller.rb | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/app/controllers/projects/settings/access_tokens_controller.rb b/app/controllers/projects/settings/access_tokens_controller.rb
index 74350147825..e3bb8c616df 100644
--- a/app/controllers/projects/settings/access_tokens_controller.rb
+++ b/app/controllers/projects/settings/access_tokens_controller.rb
@@ -5,7 +5,10 @@ module Projects
 class AccessTokensController < Projects::ApplicationController
 include ProjectsHelper
- before_action :check_feature_availability
+ layout 'project_settings'
+ before_action -> { check_permission(:read_resource_access_tokens) }, only: [:index]
+ before_action -> { check_permission(:destroy_resource_access_tokens) }, only: [:revoke]
+ before_action -> { check_permission(:create_resource_access_tokens) }, only: [:create]
 feature_category :authentication_and_authorization
@@ -42,8 +45,8 @@ module Projects
 private
- def check_feature_availability
- render_404 unless project_access_token_available?(@project)
+ def check_permission(action)
+ render_404 unless can?(current_user, action, @project)
 end
 def create_params |
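Review bot: The three `before_action` lambdas added in the first hunk are scoped with `only:` lists, so authorization is opt-in per action: any action not named in `[:index]`, `[:revoke]` or `[:create]`, including one added later, would run without a `check_permission` call. The rest of the class lies outside the hunk, so whether other routable actions exist cannot be confirmed from here. A comment above the filters such as `# Every routable action must be listed in one of the filters below; an unlisted action gets no permission check.` would make the constraint visible to the next editor. The removed `check_feature_availability` also gated on `project_access_token_available?(@project)`; it is worth confirming that the policy rules behind the three `*_resource_access_tokens` abilities carry the same condition, since those rules are not part of this diff.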
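Review bot: In the second hunk the parameter of `check_permission(action)` is named like a Rails controller action, while the value passed at every call site is an ability symbol; `def check_permission(ability)` with `render_404 unless can?(current_user, ability, @project)` reads more clearly in a controller. A one-line comment such as `# Responds with 404 (not 403) when current_user lacks the ability on @project.` would record what an unauthorised caller sees. Whether `current_user` can be nil at this point depends on authentication filters that are not visible in this diff, so the comment should state the unauthenticated case only once that is confirmed. The hunk ends at `def create_params`, whose body is outside it.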