Define authorize_update_pipeline_schedule and apply to :edit, :take_ownership, :update

c5e16d52 · Shinya Maeda · 08ed07cf · c5e16d52
Commit c5e16d52 authored Jun 27, 2017 by Shinya Maeda
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

app/controllers/projects/pipeline_schedules_controller.rb app/controllers/projects/pipeline_schedules_controller.rb +6 -4

No files found.
--- a/app/controllers/projects/pipeline_schedules_controller.rb
+++ b/app/controllers/projects/pipeline_schedules_controller.rb
 class Projects::PipelineSchedulesController < Projects::ApplicationController
+  before_action :schedule, only: [:edit, :update, :destroy, :take_ownership]
  before_action :authorize_read_pipeline_schedule!
  before_action :authorize_create_pipeline_schedule!, only: [:new, :create]
  before_action :authorize_update_pipeline_schedule!, only: [:edit, :take_ownership, :update]
  before_action :authorize_admin_pipeline_schedule!, only: [:destroy]
-  before_action :schedule, only: [:edit, :update, :destroy, :take_ownership]
  def index
    @scope = params[:scope]
    @all_schedules = PipelineSchedulesFinder.new(@project).execute
@@ -33,8 +33,6 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
  end
  def update
-    return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule)
    if Ci::CreatePipelineScheduleService
        .new(@project, current_user, schedule_params).update(schedule)
      redirect_to namespace_project_pipeline_schedules_path(@project.namespace.becomes(Namespace), @project)
@@ -72,4 +70,8 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
      .permit(:description, :cron, :cron_timezone, :ref, :active,
        variables_attributes: [:id, :key, :value, :_destroy] )
  end
+  def authorize_update_pipeline_schedule!
+    return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule)
+  end
 end