Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/groups/application_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/groups/runners_controller.rb | 7 |
2 files changed, 15 insertions, 4 deletions
diff --git a/app/controllers/groups/application_controller.rb b/app/controllers/groups/application_controller.rb
index ab67a007bd9..f9c875b80b2 100644
--- a/app/controllers/groups/application_controller.rb
+++ b/app/controllers/groups/application_controller.rb
@@ -37,6 +37,18 @@ class Groups::ApplicationController < ApplicationController
 end
 end
+ def authorize_admin_group_runners!
+ unless can?(current_user, :admin_group_runners, group)
+ render_404
+ end
+ end
+
+ def authorize_read_group_runners!
+ unless can?(current_user, :read_group_runners, group)
+ render_404
+ end
+ end
+
+ def authorize_create_deploy_token!
 unless can?(current_user, :create_deploy_token, group)
 render_404
diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb
index 5c21c7b023c..f602d02a165 100644
--- a/app/controllers/groups/runners_controller.rb
+++ b/app/controllers/groups/runners_controller.rb
@@ -1,9 +1,8 @@
 # frozen_string_literal: true
 class Groups::RunnersController < Groups::ApplicationController
- # TODO Proper policies, such as `read_group_runners, should be implemented per
- # https://gitlab.com/gitlab-org/gitlab/-/issues/334802
- before_action :authorize_admin_group!
+ before_action :authorize_read_group_runners!, only: [:index, :show]
+ before_action :authorize_admin_group_runners!, only: [:edit, :update, :destroy, :pause, :resume]
 before_action :runner_list_group_view_vue_ui_enabled, only: [:index]
 before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show]
@@ -17,7 +16,7 @@ class Groups::RunnersController < Groups::ApplicationController
 end
 def runner_list_group_view_vue_ui_enabled
- return render_404 unless Feature.enabled?(:runner_list_group_view_vue_ui, group, default_enabled: :yaml)
+ render_404 unless Feature.enabled?(:runner_list_group_view_vue_ui, group, default_enabled: :yaml)
 end
 def show |
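Review bot: `authorize_read_group_runners!` and `authorize_admin_group_runners!` are added with no comment saying how the two abilities relate, and their policy rules are not in the part of the commit shown here (the diffstat is limited to app/controllers). The read guard is presumably the weaker of the two, so whoever holds `:read_group_runners` will reach pages that the removed `authorize_admin_group!` filter used to reserve for group admins; the views behind it should be checked for admin-only data. A short comment above the read guard would record that expectation, e.g. `# Weaker than :admin_group_runners; pages behind this guard must not expose admin-only runner data.` The enclosing class starts and ends outside the hunk.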
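Review bot: The two `only:` lists in the first hunk of runners_controller.rb replace a filter that covered every action, so an action named in neither list now runs with no runner authorization check at all. The listed actions match those on the `before_action :runner` line, but the rest of the controller is outside the hunk, so whether other actions exist, or get added later, cannot be confirmed from here. Making the read check the baseline keeps the controller failing closed: `before_action :authorize_read_group_runners!` without `only:`, followed by the admin filter as written. This assumes that users who hold `:admin_group_runners` also hold `:read_group_runners`. A request spec asserting a 404 for a member without the admin ability on each mutating action would pin this behaviour.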