Commit 60d1dcb8 authored by Robert Speicher's avatar Robert Speicher Committed by Robert Speicher

Merge branch 'fix-users-deleting-public-deployment-keys' into 'security'

Fix users being able to delete instance public deployment keys

See merge request !2049
parent 30d5e9fa
---
title: Prevent users from deleting system deploy keys via the project deploy key API
merge_request:
author:
...@@ -105,15 +105,19 @@ module API ...@@ -105,15 +105,19 @@ module API
present key.deploy_key, with: Entities::SSHKey present key.deploy_key, with: Entities::SSHKey
end end
desc 'Delete existing deploy key of currently authenticated user' do desc 'Delete deploy key for a project' do
success Key success Key
end end
params do params do
requires :key_id, type: Integer, desc: 'The ID of the deploy key' requires :key_id, type: Integer, desc: 'The ID of the deploy key'
end end
delete ":id/#{path}/:key_id" do delete ":id/#{path}/:key_id" do
key = user_project.deploy_keys.find(params[:key_id]) key = user_project.deploy_keys_projects.find_by(deploy_key_id: params[:key_id])
if key
key.destroy key.destroy
else
not_found!('Deploy Key')
end
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment