Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
9ea5766c
Commit
9ea5766c
authored
Jul 17, 2013
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Improve permissions on tags/branches
parent
29306dd6
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
11 additions
and
3 deletions
+11
-3
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+4
-0
app/controllers/projects/branches_controller.rb
app/controllers/projects/branches_controller.rb
+3
-1
app/controllers/projects/tags_controller.rb
app/controllers/projects/tags_controller.rb
+3
-2
app/views/projects/repositories/_filter.html.haml
app/views/projects/repositories/_filter.html.haml
+1
-0
No files found.
app/controllers/application_controller.rb
View file @
9ea5766c
...
@@ -91,6 +91,10 @@ class ApplicationController < ActionController::Base
...
@@ -91,6 +91,10 @@ class ApplicationController < ActionController::Base
return
access_denied!
unless
can?
(
current_user
,
:download_code
,
project
)
or
project
.
public?
return
access_denied!
unless
can?
(
current_user
,
:download_code
,
project
)
or
project
.
public?
end
end
def
authorize_push!
return
access_denied!
unless
can?
(
current_user
,
:push_code
,
project
)
end
def
authorize_create_team!
def
authorize_create_team!
return
access_denied!
unless
can?
(
current_user
,
:create_team
,
nil
)
return
access_denied!
unless
can?
(
current_user
,
:create_team
,
nil
)
end
end
...
...
app/controllers/projects/branches_controller.rb
View file @
9ea5766c
...
@@ -3,7 +3,9 @@ class Projects::BranchesController < Projects::ApplicationController
...
@@ -3,7 +3,9 @@ class Projects::BranchesController < Projects::ApplicationController
before_filter
:authorize_read_project!
before_filter
:authorize_read_project!
before_filter
:require_non_empty_project
before_filter
:require_non_empty_project
before_filter
:authorize_admin_project!
,
only:
[
:destroy
,
:create
]
before_filter
:authorize_code_access!
before_filter
:authorize_push!
,
only:
[
:create
]
before_filter
:authorize_admin_project!
,
only:
[
:destroy
]
def
index
def
index
@branches
=
Kaminari
.
paginate_array
(
@repository
.
branches
).
page
(
params
[
:page
]).
per
(
30
)
@branches
=
Kaminari
.
paginate_array
(
@repository
.
branches
).
page
(
params
[
:page
]).
per
(
30
)
...
...
app/controllers/projects/tags_controller.rb
View file @
9ea5766c
class
Projects::TagsController
<
Projects
::
ApplicationController
class
Projects::TagsController
<
Projects
::
ApplicationController
# Authorize
# Authorize
before_filter
:authorize_read_project!
before_filter
:authorize_read_project!
before_filter
:authorize_code_access!
before_filter
:require_non_empty_project
before_filter
:require_non_empty_project
before_filter
:authorize_admin_project!
,
only:
[
:destroy
,
:create
]
before_filter
:authorize_code_access!
before_filter
:authorize_push!
,
only:
[
:create
]
before_filter
:authorize_admin_project!
,
only:
[
:destroy
]
def
index
def
index
@tags
=
Kaminari
.
paginate_array
(
@project
.
repository
.
tags
).
page
(
params
[
:page
]).
per
(
30
)
@tags
=
Kaminari
.
paginate_array
(
@project
.
repository
.
tags
).
page
(
params
[
:page
]).
per
(
30
)
...
...
app/views/projects/repositories/_filter.html.haml
View file @
9ea5766c
...
@@ -10,6 +10,7 @@
...
@@ -10,6 +10,7 @@
%hr
%hr
-
if
can?
current_user
,
:push_code
,
@project
=
link_to
new_project_branch_path
(
@project
),
class:
'btn btn-create'
do
=
link_to
new_project_branch_path
(
@project
),
class:
'btn btn-create'
do
%i
.icon-add-sign
%i
.icon-add-sign
New branch
New branch
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment