Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers/projects/settings/access_tokens_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/projects/settings/access_tokens_controller.rb')
-rw-r--r--app/controllers/projects/settings/access_tokens_controller.rb9
1 files changed, 6 insertions, 3 deletions
diff --git a/app/controllers/projects/settings/access_tokens_controller.rb b/app/controllers/projects/settings/access_tokens_controller.rb
index 74350147825..e3bb8c616df 100644
--- a/app/controllers/projects/settings/access_tokens_controller.rb
+++ b/app/controllers/projects/settings/access_tokens_controller.rb
@@ -5,7 +5,10 @@ module Projects
class AccessTokensController < Projects::ApplicationController
include ProjectsHelper
- before_action :check_feature_availability
+ layout 'project_settings'
+ before_action -> { check_permission(:read_resource_access_tokens) }, only: [:index]
+ before_action -> { check_permission(:destroy_resource_access_tokens) }, only: [:revoke]
+ before_action -> { check_permission(:create_resource_access_tokens) }, only: [:create]
feature_category :authentication_and_authorization
@@ -42,8 +45,8 @@ module Projects
private
- def check_feature_availability
- render_404 unless project_access_token_available?(@project)
+ def check_permission(action)
+ render_404 unless can?(current_user, action, @project)
end
def create_params
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 14:51:59 +0300