From 9b58b8e363fd388635385085c58be3d4637eaa45 Mon Sep 17 00:00:00 2001
From: Shinya Maeda <shinya@gitlab.com>
Date: Mon, 6 Nov 2017 22:20:44 +0900
Subject: Do not allow jobs to be erased

---
 app/controllers/projects/jobs_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'app/controllers/projects/jobs_controller.rb')

diff --git a/app/controllers/projects/jobs_controller.rb b/app/controllers/projects/jobs_controller.rb
index 1b985ea9763..fd6708666c3 100644
--- a/app/controllers/projects/jobs_controller.rb
+++ b/app/controllers/projects/jobs_controller.rb
@@ -5,6 +5,7 @@ class Projects::JobsController < Projects::ApplicationController
     only: [:index, :show, :status, :raw, :trace]
   before_action :authorize_update_build!,
     except: [:index, :show, :status, :raw, :trace, :cancel_all]
+  before_action :authorize_erase_build!, only: [:erase]
 
   layout 'project'
 
@@ -131,6 +132,10 @@ class Projects::JobsController < Projects::ApplicationController
     return access_denied! unless can?(current_user, :update_build, build)
   end
 
+  def authorize_erase_build!
+    return access_denied! unless can?(current_user, :erase_build, build)
+  end
+
   def build
     @build ||= project.builds.find(params[:id])
       .present(current_user: current_user)
-- 
cgit v1.2.3