diff options
| author | Filipa Lacerda <filipa@gitlab.com> | 2017-05-07 15:00:58 +0100 |
|---|---|---|
| committer | Filipa Lacerda <filipa@gitlab.com> | 2017-05-07 15:00:58 +0100 |
| commit | 842918602dbe622dc20593c0abea5293e304ac62 (patch) | |
| tree | c748164aab8cfa43fe3332640c60e3308b4e9c29 /app/controllers/projects/builds_controller.rb | |
| parent | 214d7880c3d651b367eb73651a6e0e3046868287 (diff) | |
| parent | 6ad3814e1b31bfacfae7a2aabb4e4607b12ca66f (diff) | |
| download | gitlab-ce-remove-old-isobject.tar.gz | |
Merge branch 'master' into remove-old-isobjectremove-old-isobject
* master: (226 commits)
Real time pipeline show action
Fix `Routable.find_by_full_path` on MySQL
add CHANGELOG.md entry for !11138
add tooltips to user contrib graph key
Use an absolute path for locale path in FastGettext config
Colorize labels in issue search field
Fix Karma failures for jQuery deferreds
Reduce risk of deadlocks
Fix failing spec and eslint
Resolve discussions
Resolve discussions
Dry up routable lookups. Fixes #30317
Add “project moved” flash message on redirect
Resolve discussions
Fix Rubocop failures
Index redirect_routes path for LIKE
Add index for source association and for path
Fix or workaround spec failure
Refactor
Delete conflicting redirects
...
Diffstat (limited to 'app/controllers/projects/builds_controller.rb')
| -rw-r--r-- | app/controllers/projects/builds_controller.rb | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb index e24fc45d166..0fd35bcb790 100644 --- a/app/controllers/projects/builds_controller.rb +++ b/app/controllers/projects/builds_controller.rb @@ -1,7 +1,11 @@ class Projects::BuildsController < Projects::ApplicationController before_action :build, except: [:index, :cancel_all] - before_action :authorize_read_build!, only: [:index, :show, :status, :raw, :trace] - before_action :authorize_update_build!, except: [:index, :show, :status, :raw, :trace] + + before_action :authorize_read_build!, + only: [:index, :show, :status, :raw, :trace] + before_action :authorize_update_build!, + except: [:index, :show, :status, :raw, :trace, :cancel_all] + layout 'project' def index @@ -28,7 +32,12 @@ class Projects::BuildsController < Projects::ApplicationController end def cancel_all - @project.builds.running_or_pending.each(&:cancel) + return access_denied! unless can?(current_user, :update_build, project) + + @project.builds.running_or_pending.each do |build| + build.cancel if can?(current_user, :update_build, build) + end + redirect_to namespace_project_builds_path(project.namespace, project) end @@ -107,8 +116,13 @@ class Projects::BuildsController < Projects::ApplicationController private + def authorize_update_build! + return access_denied! unless can?(current_user, :update_build, build) + end + def build - @build ||= project.builds.find_by!(id: params[:id]).present(current_user: current_user) + @build ||= project.builds.find(params[:id]) + .present(current_user: current_user) end def build_path(build) |