diff options
Diffstat (limited to 'lib/api/merge_requests.rb')
-rw-r--r-- | lib/api/merge_requests.rb | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 25fbeca01dc..cd46b442b68 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -140,7 +140,6 @@ module API end get feature_category: :code_review_workflow, urgency: :low do authenticate! unless params[:scope] == 'all' - validate_anonymous_search_access! if params[:search].present? validate_search_rate_limit! if declared_params[:search].present? merge_requests = find_merge_requests @@ -169,7 +168,6 @@ module API desc: 'Returns merge requests from non archived projects only.' end get ":id/merge_requests", feature_category: :code_review_workflow, urgency: :low do - validate_anonymous_search_access! if declared_params[:search].present? validate_search_rate_limit! if declared_params[:search].present? merge_requests = find_merge_requests(group_id: user_group.id, include_subgroups: true) @@ -237,7 +235,6 @@ module API end get ":id/merge_requests", feature_category: :code_review_workflow, urgency: :low do authorize! :read_merge_request, user_project - validate_anonymous_search_access! if declared_params[:search].present? validate_search_rate_limit! if declared_params[:search].present? merge_requests = find_merge_requests(project_id: user_project.id) @@ -315,7 +312,7 @@ module API authorize!(:destroy_merge_request, merge_request) destroy_conditionally!(merge_request) do |merge_request| - Issuable::DestroyService.new(project: user_project, current_user: current_user).execute(merge_request) + Issuable::DestroyService.new(container: user_project, current_user: current_user).execute(merge_request) end end @@ -627,8 +624,9 @@ module API merge_request = find_project_merge_request(params[:merge_request_iid]) - # Merge request can not be merged - # because user dont have permissions to push into target branch + # Merge request can not be merged because the user doesn't have + # permissions to push into target branch + # unauthorized! unless merge_request.can_be_merged_by?(current_user) merge_when_pipeline_succeeds = to_boolean(params[:merge_when_pipeline_succeeds]) |