Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
f108153c
Commit
f108153c
authored
Jul 07, 2017
by
Kamil Trzcinski
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Remove update|admin_pipeline_schedule from Project, and grant it in PipelineSchedule
parent
1ee9f7db
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
16 additions
and
22 deletions
+16
-22
app/controllers/projects/pipeline_schedules_controller.rb
app/controllers/projects/pipeline_schedules_controller.rb
+4
-0
app/policies/ci/pipeline_schedule_policy.rb
app/policies/ci/pipeline_schedule_policy.rb
+5
-16
app/policies/project_policy.rb
app/policies/project_policy.rb
+0
-2
app/views/projects/pipeline_schedules/_pipeline_schedule.html.haml
.../projects/pipeline_schedules/_pipeline_schedule.html.haml
+1
-1
lib/api/pipeline_schedules.rb
lib/api/pipeline_schedules.rb
+6
-3
No files found.
app/controllers/projects/pipeline_schedules_controller.rb
View file @
f108153c
...
@@ -73,4 +73,8 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
...
@@ -73,4 +73,8 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
def
authorize_update_pipeline_schedule!
def
authorize_update_pipeline_schedule!
return
access_denied!
unless
can?
(
current_user
,
:update_pipeline_schedule
,
schedule
)
return
access_denied!
unless
can?
(
current_user
,
:update_pipeline_schedule
,
schedule
)
end
end
def
authorize_admin_pipeline_schedule!
return
access_denied!
unless
can?
(
current_user
,
:admin_pipeline_schedule
,
schedule
)
end
end
end
app/policies/ci/pipeline_schedule_policy.rb
View file @
f108153c
...
@@ -2,24 +2,13 @@ module Ci
...
@@ -2,24 +2,13 @@ module Ci
class
PipelineSchedulePolicy
<
PipelinePolicy
class
PipelineSchedulePolicy
<
PipelinePolicy
alias_method
:pipeline_schedule
,
:subject
alias_method
:pipeline_schedule
,
:subject
condition
(
:
protected_action
)
do
condition
(
:
owner_of_schedule
)
do
owned_by_developer?
&&
owned_by_another?
can?
(
:developer_access
)
&&
pipeline_schedule
.
owned_by?
(
@user
)
end
end
rule
{
protected_action
}.
prevent
:update_pipeline_schedule
rule
{
can?
(
:master_access
)
|
owner_of_schedule
}.
policy
do
enable
:update_pipeline_schedule
private
enable
:admin_pipeline_schedule
def
owned_by_developer?
return
false
unless
@user
pipeline_schedule
.
project
.
team
.
developer?
(
@user
)
end
def
owned_by_another?
return
false
unless
@user
!
pipeline_schedule
.
owned_by?
(
@user
)
end
end
end
end
end
end
app/policies/project_policy.rb
View file @
f108153c
...
@@ -162,7 +162,6 @@ class ProjectPolicy < BasePolicy
...
@@ -162,7 +162,6 @@ class ProjectPolicy < BasePolicy
enable
:create_pipeline
enable
:create_pipeline
enable
:update_pipeline
enable
:update_pipeline
enable
:create_pipeline_schedule
enable
:create_pipeline_schedule
enable
:update_pipeline_schedule
enable
:create_merge_request
enable
:create_merge_request
enable
:create_wiki
enable
:create_wiki
enable
:push_code
enable
:push_code
...
@@ -188,7 +187,6 @@ class ProjectPolicy < BasePolicy
...
@@ -188,7 +187,6 @@ class ProjectPolicy < BasePolicy
enable
:admin_build
enable
:admin_build
enable
:admin_container_image
enable
:admin_container_image
enable
:admin_pipeline
enable
:admin_pipeline
enable
:admin_pipeline_schedule
enable
:admin_environment
enable
:admin_environment
enable
:admin_deployment
enable
:admin_deployment
enable
:admin_pages
enable
:admin_pages
...
...
app/views/projects/pipeline_schedules/_pipeline_schedule.html.haml
View file @
f108153c
...
@@ -26,7 +26,7 @@
...
@@ -26,7 +26,7 @@
=
pipeline_schedule
.
owner
&
.
name
=
pipeline_schedule
.
owner
&
.
name
%td
%td
.pull-right.btn-group
.pull-right.btn-group
-
if
can?
(
current_user
,
:update_pipeline_schedule
,
@project
)
&&
!
pipeline_schedule
.
owned_by?
(
current_user
)
-
if
can?
(
current_user
,
:update_pipeline_schedule
,
pipeline_schedule
)
=
link_to
take_ownership_pipeline_schedule_path
(
pipeline_schedule
),
method: :post
,
title:
s_
(
'PipelineSchedules|Take ownership'
),
class:
'btn'
do
=
link_to
take_ownership_pipeline_schedule_path
(
pipeline_schedule
),
method: :post
,
title:
s_
(
'PipelineSchedules|Take ownership'
),
class:
'btn'
do
=
s_
(
'PipelineSchedules|Take ownership'
)
=
s_
(
'PipelineSchedules|Take ownership'
)
-
if
can?
(
current_user
,
:update_pipeline_schedule
,
pipeline_schedule
)
-
if
can?
(
current_user
,
:update_pipeline_schedule
,
pipeline_schedule
)
...
...
lib/api/pipeline_schedules.rb
View file @
f108153c
...
@@ -74,9 +74,10 @@ module API
...
@@ -74,9 +74,10 @@ module API
optional
:active
,
type:
Boolean
,
desc:
'The activation of pipeline schedule'
optional
:active
,
type:
Boolean
,
desc:
'The activation of pipeline schedule'
end
end
put
':id/pipeline_schedules/:pipeline_schedule_id'
do
put
':id/pipeline_schedules/:pipeline_schedule_id'
do
authorize!
:
update
_pipeline_schedule
,
user_project
authorize!
:
read
_pipeline_schedule
,
user_project
not_found!
(
'PipelineSchedule'
)
unless
pipeline_schedule
not_found!
(
'PipelineSchedule'
)
unless
pipeline_schedule
authorize!
:update_pipeline_schedule
,
pipeline_schedule
if
pipeline_schedule
.
update
(
declared_params
(
include_missing:
false
))
if
pipeline_schedule
.
update
(
declared_params
(
include_missing:
false
))
present
pipeline_schedule
,
with:
Entities
::
PipelineScheduleDetails
present
pipeline_schedule
,
with:
Entities
::
PipelineScheduleDetails
...
@@ -92,9 +93,10 @@ module API
...
@@ -92,9 +93,10 @@ module API
requires
:pipeline_schedule_id
,
type:
Integer
,
desc:
'The pipeline schedule id'
requires
:pipeline_schedule_id
,
type:
Integer
,
desc:
'The pipeline schedule id'
end
end
post
':id/pipeline_schedules/:pipeline_schedule_id/take_ownership'
do
post
':id/pipeline_schedules/:pipeline_schedule_id/take_ownership'
do
authorize!
:
update
_pipeline_schedule
,
user_project
authorize!
:
read
_pipeline_schedule
,
user_project
not_found!
(
'PipelineSchedule'
)
unless
pipeline_schedule
not_found!
(
'PipelineSchedule'
)
unless
pipeline_schedule
authorize!
:update_pipeline_schedule
,
pipeline_schedule
if
pipeline_schedule
.
own!
(
current_user
)
if
pipeline_schedule
.
own!
(
current_user
)
present
pipeline_schedule
,
with:
Entities
::
PipelineScheduleDetails
present
pipeline_schedule
,
with:
Entities
::
PipelineScheduleDetails
...
@@ -110,9 +112,10 @@ module API
...
@@ -110,9 +112,10 @@ module API
requires
:pipeline_schedule_id
,
type:
Integer
,
desc:
'The pipeline schedule id'
requires
:pipeline_schedule_id
,
type:
Integer
,
desc:
'The pipeline schedule id'
end
end
delete
':id/pipeline_schedules/:pipeline_schedule_id'
do
delete
':id/pipeline_schedules/:pipeline_schedule_id'
do
authorize!
:
admin
_pipeline_schedule
,
user_project
authorize!
:
read
_pipeline_schedule
,
user_project
not_found!
(
'PipelineSchedule'
)
unless
pipeline_schedule
not_found!
(
'PipelineSchedule'
)
unless
pipeline_schedule
authorize!
:admin_pipeline_schedule
,
pipeline_schedule
status
:accepted
status
:accepted
present
pipeline_schedule
.
destroy
,
with:
Entities
::
PipelineScheduleDetails
present
pipeline_schedule
.
destroy
,
with:
Entities
::
PipelineScheduleDetails
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment