Merge branch 'new-tag-branch-authorization' into 'master'

Add authorization to new branch/tag pages. The create actions have authorization, the new actions didn't, so no-one unauthorized could actually do anything, but it was wrong(TM). See merge request !1979

Merge branch 'new-tag-branch-authorization' into 'master'
Add authorization to new branch/tag pages. The create actions have authorization, the new actions didn't, so no-one unauthorized could actually do anything, but it was wrong(TM). See merge request !1979
05d5485d · Robert Speicher · bcf74d6e · a89d6d14 · 05d5485d · 05d5485d
Commit 05d5485d authored Dec 03, 2015 by Robert Speicher
Showing with 2 additions and 2 deletions

app/controllers/projects/branches_controller.rb app/controllers/projects/branches_controller.rb +1 -1

app/controllers/projects/tags_controller.rb app/controllers/projects/tags_controller.rb +1 -1

No files found.
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -3,7 +3,7 @@ class Projects::BranchesController < Projects::ApplicationController
  # Authorize
  before_action :require_non_empty_project
  before_action :authorize_download_code!
-  before_action :authorize_push_code!, only: [:create, :destroy]
+  before_action :authorize_push_code!, only: [:new, :create, :destroy]

  def index
    @sort = params[:sort] || 'name'

--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -2,7 +2,7 @@ class Projects::TagsController < Projects::ApplicationController
  # Authorize
  before_action :require_non_empty_project
  before_action :authorize_download_code!
-  before_action :authorize_push_code!, only: [:create]
+  before_action :authorize_push_code!, only: [:new, :create]
  before_action :authorize_admin_project!, only: [:destroy]

  def index