Respect authorization in Repository API

* dont allow protect/unprotect branches for users without master permissions * dont allow access to Repository api for guests
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-09-29 16:04:57 +0300
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-09-29 16:04:57 +0300
commit: 726fa6c76afc9162fe046439f7f11b729190aaa6 (patch)
tree: 273e4146624e29f0c00e3acf21675248cce78d74 /lib/api/helpers.rb
parent: 1df225bb384ad53ca081bdda85a805105a3eff7c (diff)
download: gitlab-ce-726fa6c76afc9162fe046439f7f11b729190aaa6.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 4f189f35196..fdde6d5de6c 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -64,6 +64,10 @@ module API
       end
     end
 
+    def authorize_admin_project
+      authorize! :admin_project, user_project
+    end
+
     def can?(object, action, subject)
       abilities.allowed?(object, action, subject)
     end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-09-29 16:04:57 +0300
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-09-29 16:04:57 +0300
commit	726fa6c76afc9162fe046439f7f11b729190aaa6 (patch)
tree	273e4146624e29f0c00e3acf21675248cce78d74 /lib/api/helpers.rb
parent	1df225bb384ad53ca081bdda85a805105a3eff7c (diff)
download	gitlab-ce-726fa6c76afc9162fe046439f7f11b729190aaa6.tar.gz