Commit 05d5485d authored by Robert Speicher's avatar Robert Speicher

Merge branch 'new-tag-branch-authorization' into 'master'

Add authorization to new branch/tag pages.

The create actions have authorization, the new actions didn't,
so no-one unauthorized could actually do anything, but it was wrong(TM).

See merge request !1979
parents bcf74d6e a89d6d14
...@@ -3,7 +3,7 @@ class Projects::BranchesController < Projects::ApplicationController ...@@ -3,7 +3,7 @@ class Projects::BranchesController < Projects::ApplicationController
# Authorize # Authorize
before_action :require_non_empty_project before_action :require_non_empty_project
before_action :authorize_download_code! before_action :authorize_download_code!
before_action :authorize_push_code!, only: [:create, :destroy] before_action :authorize_push_code!, only: [:new, :create, :destroy]
def index def index
@sort = params[:sort] || 'name' @sort = params[:sort] || 'name'
......
...@@ -2,7 +2,7 @@ class Projects::TagsController < Projects::ApplicationController ...@@ -2,7 +2,7 @@ class Projects::TagsController < Projects::ApplicationController
# Authorize # Authorize
before_action :require_non_empty_project before_action :require_non_empty_project
before_action :authorize_download_code! before_action :authorize_download_code!
before_action :authorize_push_code!, only: [:create] before_action :authorize_push_code!, only: [:new, :create]
before_action :authorize_admin_project!, only: [:destroy] before_action :authorize_admin_project!, only: [:destroy]
def index def index
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment