Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
b84eb343
Commit
b84eb343
authored
Jul 19, 2017
by
Lin Jen-Shin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Try to merge permission checks into one
parent
7bd5e571
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
10 additions
and
10 deletions
+10
-10
app/services/ci/create_pipeline_service.rb
app/services/ci/create_pipeline_service.rb
+10
-10
No files found.
app/services/ci/create_pipeline_service.rb
View file @
b84eb343
...
...
@@ -19,18 +19,20 @@ module Ci
return
error
(
'Pipeline is disabled'
)
end
unless
trigger_request
||
can?
(
current_user
,
:create_pipeline
,
project
)
triggering_user
=
current_user
||
trigger_request
.
trigger
.
owner
unless
allowed_to_trigger_pipeline?
(
triggering_user
)
if
can?
(
triggering_user
,
:create_pipeline
,
project
)
return
error
(
"Insufficient permissions for protected ref '
#{
ref
}
'"
)
else
return
error
(
'Insufficient permissions to create a new pipeline'
)
end
end
unless
branch?
||
tag?
return
error
(
'Reference not found'
)
end
unless
triggering_user_allowed_for_ref?
(
trigger_request
)
return
error
(
"Insufficient permissions for protected ref '
#{
ref
}
'"
)
end
unless
commit
return
error
(
'Commit not found'
)
end
...
...
@@ -74,9 +76,7 @@ module Ci
pipeline
.
tap
(
&
:process!
)
end
def
triggering_user_allowed_for_ref?
(
trigger_request
)
triggering_user
=
current_user
||
trigger_request
.
trigger
.
owner
def
allowed_to_trigger_pipeline?
(
triggering_user
)
if
triggering_user
allowed_to_create?
(
triggering_user
)
else
# legacy triggers don't have a corresponding user
...
...
@@ -87,7 +87,7 @@ module Ci
def
allowed_to_create?
(
triggering_user
)
access
=
Gitlab
::
UserAccess
.
new
(
triggering_user
,
project:
project
)
Ability
.
allowed
?
(
triggering_user
,
:create_pipeline
,
project
)
&&
can
?
(
triggering_user
,
:create_pipeline
,
project
)
&&
if
branch?
access
.
can_update_branch?
(
ref
)
elsif
tag?
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment