Commit 89b856e7 authored by Matija Čupić's avatar Matija Čupić

Authorize read_pipeline before read_build

parent a1c77f2d
...@@ -59,6 +59,7 @@ module API ...@@ -59,6 +59,7 @@ module API
# rubocop: disable CodeReuse/ActiveRecord # rubocop: disable CodeReuse/ActiveRecord
get ':id/pipelines/:pipeline_id/jobs' do get ':id/pipelines/:pipeline_id/jobs' do
pipeline = user_project.ci_pipelines.find(params[:pipeline_id]) pipeline = user_project.ci_pipelines.find(params[:pipeline_id])
authorize!(:read_pipeline, user_project)
authorize!(:read_build, pipeline) authorize!(:read_build, pipeline)
builds = pipeline.builds builds = pipeline.builds
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment