author | Robert Speicher <robert@gitlab.com> | 2015-11-19 17:22:20 +0000 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2015-11-19 17:22:20 +0000 |
commit | 56476f18475deb896c09b47e967dc5146f66778b (patch) | |
tree | 24b7ba2336f37923671aa5d9e958f6fd7ae23f61 /app/controllers/snippets_controller.rb | |
parent | 3a85c93a7a077312aa13c0078c6b32719eb930ae (diff) | |
parent | 08dc38223e0c18233052e04ac95a4f6942fcb1b5 (diff) | |
download | gitlab-ce-56476f18475deb896c09b47e967dc5146f66778b.tar.gz |
Merge branch 'dbalexandre/gitlab-ce-fix-personal-snippet-access-workflow' into 'master'
Improve personal snippet access workflow.
Replaces !1709
Fixes #3258
See merge request !1817
Diffstat (limited to 'app/controllers/snippets_controller.rb')
-rw-r--r-- | app/controllers/snippets_controller.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 9f9f9a92f11..08f2483af33 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -1,6 +1,9 @@
 class SnippetsController < ApplicationController
 before_action :snippet, only: [:show, :edit, :destroy, :update, :raw]
+ # Allow read snippet
+ before_action :authorize_read_snippet!, only: [:show]
+
 # Allow modify snippet
 before_action :authorize_update_snippet!, only: [:edit, :update]
@@ -79,10 +82,14 @@ class SnippetsController < ApplicationController
 [Snippet::PUBLIC, Snippet::INTERNAL]).
 find(params[:id])
 else
- PersonalSnippet.are_public.find(params[:id])
+ PersonalSnippet.find(params[:id])
 end
 end
+ def authorize_read_snippet!
+ authenticate_user! unless can?(current_user, :read_personal_snippet, @snippet)
+ end
+
 def authorize_update_snippet!
 return render_404 unless can?(current_user, :update_personal_snippet, @snippet)
 end |
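Review bot: The read check added in the first hunk is limited to `only: [:show]`, but the `snippet` loader on the line above it also runs for `:raw`, and the second hunk removes the `are_public` scope from that loader's `else` branch. If `raw` can be reached without signing in (the `authenticate_user!` skip list is outside the hunk, so this is inferred), it would return the content of private and internal personal snippets to anyone who has the id. The filter should cover every action that returns snippet content: `before_action :authorize_read_snippet!, only: [:show, :raw]`.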
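Review bot: `authorize_read_snippet!` in the second hunk only stops anonymous requests, because for a signed-in user `authenticate_user!` does nothing and a failed `can?` check lets the action continue. Today the visibility filter in the other branch of `snippet` (only partly visible, it starts above the hunk) appears to exclude those records first, but the guard should not depend on the loader. `return if can?(current_user, :read_personal_snippet, @snippet)` followed by `current_user ? render_404 : authenticate_user!` denies in both cases. Anonymous requests also now get a login redirect for an existing private snippet and presumably a 404 for an unknown id, so the response reveals which ids exist; a comment on the method should record that this is an accepted trade-off.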