diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index f260a2e0597d9559103785a2c9c29e21b5763376..ba5c52d510f112b374b7c948b6c7aad05f15c823 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -9,7 +9,10 @@ class Projects::IssuesController < Projects::ApplicationController
 before_filter :authorize_write_issue!, only: [:new, :create]
 
 # Allow modify issue
- before_filter :authorize_modify_issue!, only: [:edit, :update, :bulk_update]
+ before_filter :authorize_modify_issue!, only: [:edit, :update]
+
+ # Allow issues bulk update
+ before_filter :authorize_admin_issues!, only: [:bulk_update]
 
 respond_to :html
 
@@ -107,8 +110,8 @@ class Projects::IssuesController < Projects::ApplicationController
 return render_404 unless can?(current_user, :modify_issue, @issue)
 end
 
- def authorize_admin_issue!
- return render_404 unless can?(current_user, :admin_issue, @issue)
+ def authorize_admin_issues!
+ return render_404 unless can?(current_user, :admin_issue, @project)
 end
 
 def module_enabled
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 038668fccfff987cfc51c5769304097b4c7636b9..120af807448b490f57ca124478a92800aad08163 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -126,6 +126,7 @@ class Ability
 :write_merge_request,
 :write_wiki,
 :modify_issue,
+ :admin_issue,
 :push_code
 ]
 end
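Review bot: The filter added for `bulk_update` authorizes against `@project` only, so nothing in this hunk ties the issue ids the action receives to that project. The action body is outside the diff; if it loads issues by id from the request, it should resolve them through the project (something like `@project.issues.where(id: ids)`) rather than through a global lookup, otherwise holding `:admin_issue` on one project would presumably be enough to change issues in another. A controller spec that calls `bulk_update` as a user without `:admin_issue` and expects the 404 would pin the new boundary.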
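Review bot: `authorize_admin_issues!` evaluates the same `:admin_issue` symbol against `@project` that the removed method evaluated against `@issue`, and nothing on the method says which subject it expects. If the ability rules differ by subject type, a per-issue grant no longer counts here, which looks intended but should be stated; I would add `# Project-level check: requires :admin_issue on @project, not on a single issue` above the def. The old name `authorize_admin_issue!` disappears in this hunk, so a filter elsewhere that still refers to it would fail at request time; the rest of the class is outside the hunk and worth a grep.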
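Review bot: Adding `:admin_issue` to this list widens access for every user who receives this rule set, not only for `bulk_update`: any other `can?(user, :admin_issue, project)` check in the application now passes for them as well. The method that returns the list starts above the hunk, so which role this is cannot be read from here; the neighbouring `:push_code` suggests a developer-level set, which should be confirmed. A short comment such as `# :admin_issue gates project-wide issue actions (bulk update)` and an Ability spec asserting that the next lower role lacks it would keep the grant deliberate.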