Commit c5e16d52 authored by Shinya Maeda's avatar Shinya Maeda

Define authorize_update_pipeline_schedule and apply to :edit, :take_ownership, :update

parent 08ed07cf
class Projects::PipelineSchedulesController < Projects::ApplicationController class Projects::PipelineSchedulesController < Projects::ApplicationController
before_action :schedule, only: [:edit, :update, :destroy, :take_ownership]
before_action :authorize_read_pipeline_schedule! before_action :authorize_read_pipeline_schedule!
before_action :authorize_create_pipeline_schedule!, only: [:new, :create] before_action :authorize_create_pipeline_schedule!, only: [:new, :create]
before_action :authorize_update_pipeline_schedule!, only: [:edit, :take_ownership, :update] before_action :authorize_update_pipeline_schedule!, only: [:edit, :take_ownership, :update]
before_action :authorize_admin_pipeline_schedule!, only: [:destroy] before_action :authorize_admin_pipeline_schedule!, only: [:destroy]
before_action :schedule, only: [:edit, :update, :destroy, :take_ownership]
def index def index
@scope = params[:scope] @scope = params[:scope]
@all_schedules = PipelineSchedulesFinder.new(@project).execute @all_schedules = PipelineSchedulesFinder.new(@project).execute
...@@ -33,8 +33,6 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController ...@@ -33,8 +33,6 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
end end
def update def update
return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule)
if Ci::CreatePipelineScheduleService if Ci::CreatePipelineScheduleService
.new(@project, current_user, schedule_params).update(schedule) .new(@project, current_user, schedule_params).update(schedule)
redirect_to namespace_project_pipeline_schedules_path(@project.namespace.becomes(Namespace), @project) redirect_to namespace_project_pipeline_schedules_path(@project.namespace.becomes(Namespace), @project)
...@@ -72,4 +70,8 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController ...@@ -72,4 +70,8 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
.permit(:description, :cron, :cron_timezone, :ref, :active, .permit(:description, :cron, :cron_timezone, :ref, :active,
variables_attributes: [:id, :key, :value, :_destroy] ) variables_attributes: [:id, :key, :value, :_destroy] )
end end
def authorize_update_pipeline_schedule!
return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule)
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment