author | Tomasz Maczukin <tomasz@maczukin.pl> | 2015-11-20 00:29:04 +0100 |
---|---|---|
committer | Tomasz Maczukin <tomasz@maczukin.pl> | 2015-11-20 00:29:04 +0100 |
commit | 85ad95be741848fbf15a01789f065e001326cefa (patch) | |
tree | 496395e235a41b51e69c47e73e3440e5e4105666 /app/controllers/snippets_controller.rb | |
parent | 1144b70ab624ee1c1e7f2de0c92de021a7b5ea8e (diff) | |
parent | 0383f84d88d95183638d0e227f3446974eb4e387 (diff) | |
download | gitlab-ce-85ad95be741848fbf15a01789f065e001326cefa.tar.gz |
Merge branch 'master' into fix/visibility-level-setting-in-forked-projects
* master: (296 commits)
fox tests
Don't rescue Exception, but StandardError
adressing comments
Update gitlab-shell documentation [ci skip]
Align hash literals in IssuesFinder spec
Fix tests
Fix 'Attach a file' link in new tag form
Add link to git-lfs client [ci skip]
Do not limit workhorse POST/PUT size in NGINX
added specs
added spinach tests
Since GitLab CI is enabled by default, remove enabling it by pushing .gitlab-ci.yml
Fix tests
Commits without .gitlab-ci.yml are marked as skipped
Changelog entry for finding issues performance
Use a JOIN in IssuableFinder#by_project
Memoize IssuableFinder#projects
Removed trailing whitespace from IssuableFinder
Added benchmark for IssuesFinder
Updated DB schema with new issues/projects indexes
...
Conflicts:
app/models/project.rb
Diffstat (limited to 'app/controllers/snippets_controller.rb')
-rw-r--r-- | app/controllers/snippets_controller.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb index 9f9f9a92f11..08f2483af33 100644 --- a/app/controllers/snippets_controller.rb +++ b/app/controllers/snippets_controller.rb @@ -1,6 +1,9 @@ class SnippetsController < ApplicationController before_action :snippet, only: [:show, :edit, :destroy, :update, :raw] + # Allow read snippet + before_action :authorize_read_snippet!, only: [:show] + # Allow modify snippet before_action :authorize_update_snippet!, only: [:edit, :update] @@ -79,10 +82,14 @@ class SnippetsController < ApplicationController [Snippet::PUBLIC, Snippet::INTERNAL]). find(params[:id]) else - PersonalSnippet.are_public.find(params[:id]) + PersonalSnippet.find(params[:id]) end end + def authorize_read_snippet! + authenticate_user! unless can?(current_user, :read_personal_snippet, @snippet) + end + def authorize_update_snippet! return render_404 unless can?(current_user, :update_personal_snippet, @snippet) end |
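Review bot: In the first hunk, the new `before_action :authorize_read_snippet!, only: [:show]` leaves `:raw` uncovered, although `:raw` is in the `before_action :snippet` list directly above it. Since the second hunk drops `are_public` from the signed-out lookup, `PersonalSnippet.find(params[:id])` will load any personal snippet for an anonymous request to `raw`, and nothing in the visible lines checks read permission before that action runs. Suggest `only: [:show, :raw]`, plus a spec that requests `raw` for a private and an internal snippet while signed out.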
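Review bot: In `authorize_read_snippet!` (second hunk), `authenticate_user! unless can?(current_user, :read_personal_snippet, @snippet)` only stops anonymous requests: for a user who is already signed in and fails the `can?` check, `authenticate_user!` is expected to pass and the action continues. Read access for signed-in users then depends entirely on the scoped lookup in `snippet`, which is easy to break in a later change. Suggest mirroring `authorize_update_snippet!`: call `authenticate_user!` only when `current_user` is nil, and `return render_404` for a signed-in user without `:read_personal_snippet`.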