diff options
| author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-02-01 23:58:04 +0100 |
|---|---|---|
| committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-02-02 09:18:08 +0100 |
| commit | 055afab5c7d33d061d339c270bd258ed847450f3 (patch) | |
| tree | e72ba0bc495456f3f106d23576810cec4238af21 /app/controllers/projects/commit_controller.rb | |
| parent | 7df149bb63c91792fb958db87b24bb120463a49e (diff) | |
| download | gitlab-ce-055afab5c7d33d061d339c270bd258ed847450f3.tar.gz | |
Make the CI permission model simpler
This MR simplifies CI permission model:
- read_build: allows to read a list of builds, artifacts and trace
- update_build: allows to cancel and retry builds
- create_build: allows to create builds from gitlab-ci.yml (not yet implemented)
- admin_build: allows to manage triggers, runners and variables
- read_commit_status: allows to read a list of commit statuses (including the overall of builds)
- create_commit_status: allows to create a new commit status using API
Remove all extra methods to manage permission.
Made all controllers to use explicitly the new permissions.
Diffstat (limited to 'app/controllers/projects/commit_controller.rb')
| -rw-r--r-- | app/controllers/projects/commit_controller.rb | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb index f5a169e5aa9..2bf367d2a25 100644 --- a/app/controllers/projects/commit_controller.rb +++ b/app/controllers/projects/commit_controller.rb @@ -4,10 +4,10 @@ class Projects::CommitController < Projects::ApplicationController # Authorize before_action :require_non_empty_project - before_action :authorize_download_code!, except: [:cancel_builds] - before_action :authorize_manage_builds!, only: [:cancel_builds] + before_action :authorize_download_code!, except: [:cancel_builds, :retry_builds] + before_action :authorize_update_build!, only: [:cancel_builds, :retry_builds] + before_action :authorize_read_commit_status!, only: [:builds] before_action :commit - before_action :authorize_manage_builds!, only: [:cancel_builds, :retry_builds] before_action :define_show_vars, only: [:show, :builds] def show @@ -77,10 +77,4 @@ class Projects::CommitController < Projects::ApplicationController @statuses = ci_commit.statuses if ci_commit end - - def authorize_manage_builds! - unless can?(current_user, :manage_builds, project) - return render_404 - end - end end |