Add a comment about implementing proper policies for group runner permissions

131ca31b · Dylan Griffith · 8f29d9c6 · 131ca31b · 131ca31b
Commit 131ca31b authored May 07, 2018 by Dylan Griffith
Showing with 5 additions and 0 deletions

app/controllers/groups/runners_controller.rb app/controllers/groups/runners_controller.rb +3 -0

app/views/groups/runners/_group_runners.html.haml app/views/groups/runners/_group_runners.html.haml +2 -0

No files found.
--- a/app/controllers/groups/runners_controller.rb
+++ b/app/controllers/groups/runners_controller.rb
 class Groups::RunnersController < Groups::ApplicationController
+  # Proper policies should be implemented per
+  # https://gitlab.com/gitlab-org/gitlab-ce/issues/45894
  before_action :authorize_admin_pipeline!
  before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show]
  def show

--- a/app/views/groups/runners/_group_runners.html.haml
+++ b/app/views/groups/runners/_group_runners.html.haml
@@ -4,6 +4,8 @@
  GitLab Group Runners can execute code for all the projects in this group.
  They can be managed using the #{link_to 'Runners API', help_page_path('api/runners.md')}.
+-# Proper policies should be implemented per
+-# https://gitlab.com/gitlab-org/gitlab-ce/issues/45894
 - if can?(current_user, :admin_pipeline, @group)
  = render partial: 'ci/runner/how_to_setup_runner',
           locals: { registration_token: @group.runners_token, type: 'group' }