Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/services
diff options
context:
space:
mode:
Diffstat (limited to 'app/services')
-rw-r--r--app/services/ci/pipeline_schedules/base_save_service.rb6
-rw-r--r--app/services/ci/pipeline_schedules/update_service.rb6
2 files changed, 11 insertions, 1 deletions
diff --git a/app/services/ci/pipeline_schedules/base_save_service.rb b/app/services/ci/pipeline_schedules/base_save_service.rb
index 45d70e5a65d..e6f633498e9 100644
--- a/app/services/ci/pipeline_schedules/base_save_service.rb
+++ b/app/services/ci/pipeline_schedules/base_save_service.rb
@@ -23,7 +23,11 @@ module Ci
attr_reader :project, :user, :params, :schedule
def allowed_to_save?
- user.can?(self.class::AUTHORIZE, schedule)
+ # Disable cache because the same ability may already have been checked
+ # for the same records with different attributes. For example, we do not
+ # want an unauthorized user to change an unprotected ref to a protected
+ # ref.
+ user.can?(self.class::AUTHORIZE, schedule, cache: false)
end
def forbidden_to_save
diff --git a/app/services/ci/pipeline_schedules/update_service.rb b/app/services/ci/pipeline_schedules/update_service.rb
index 2fd1173ecce..76b2121c4e1 100644
--- a/app/services/ci/pipeline_schedules/update_service.rb
+++ b/app/services/ci/pipeline_schedules/update_service.rb
@@ -12,6 +12,12 @@ module Ci
@params = params
end
+ def execute
+ return forbidden_to_save unless allowed_to_save?
+
+ super
+ end
+
private
def authorize_message
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-26 04:13:49 +0300