summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorGitLab Release Tools Bot <robert+release-tools@gitlab.com>2019-08-26 07:41:47 +0000
committerGitLab Release Tools Bot <robert+release-tools@gitlab.com>2019-08-26 07:41:47 +0000
commit01ca489511aafad63b6f557b56067937a8e41d3e (patch)
tree1411e386abc26fd10e730aeadc0259434b5b866e /app
parent12672772c0451833528bd002433b7e1e81cb686f (diff)
parent0918218d9ead5e439fcdb587a7fbe4a2ee73fa52 (diff)
downloadgitlab-ce-01ca489511aafad63b6f557b56067937a8e41d3e.tar.gz
Merge branch 'security-group-runners-permissions-12-2' into '12-2-stable'
admin_group authorization for Groups::RunnersController See merge request gitlab/gitlabhq!3362
Diffstat (limited to 'app')
-rw-r--r--app/controllers/groups/runners_controller.rb6
1 files changed, 1 insertions, 5 deletions
diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb
index f8e32451b02..af2b2cbd1fd 100644
--- a/app/controllers/groups/runners_controller.rb
+++ b/app/controllers/groups/runners_controller.rb
@@ -3,7 +3,7 @@
class Groups::RunnersController < Groups::ApplicationController
# Proper policies should be implemented per
# https://gitlab.com/gitlab-org/gitlab-ce/issues/45894
- before_action :authorize_admin_pipeline!
+ before_action :authorize_admin_group!
before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show]
@@ -50,10 +50,6 @@ class Groups::RunnersController < Groups::ApplicationController
@runner ||= @group.runners.find(params[:id])
end
- def authorize_admin_pipeline!
- return render_404 unless can?(current_user, :admin_pipeline, group)
- end
-
def runner_params
params.require(:runner).permit(Ci::Runner::FORM_EDITABLE)
end
View Lorry Controller Status