Add authorization to hooks requests

author: miks <miks@cubesystems.lv> 2012-09-10 16:50:01 +0300
committer: miks <miks@cubesystems.lv> 2012-09-10 16:50:01 +0300
commit: 6d76e000d07300ab9e8e8c74b90db0abcdc48451 (patch)
tree: a6826dbabbdca428b19e9f1a77222b075b486043 /lib/api/projects.rb
parent: 2e34a6d3c40a60ed689de5d7870fe663b1959e88 (diff)
download: gitlab-ce-6d76e000d07300ab9e8e8c74b90db0abcdc48451.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index dfdd359c2b2..cf23dc5f538 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -113,6 +113,7 @@ module Gitlab
       # Example Request:
       #   GET /projects/:id/hooks
       get ":id/hooks" do
+        authorize! :admin_project, user_project
         @hooks = paginate user_project.hooks
         present @hooks, with: Entities::Hook
       end
@@ -125,6 +126,7 @@ module Gitlab
       # Example Request:
       #   POST /projects/:id/hooks
       post ":id/hooks" do
+        authorize! :admin_project, user_project
         @hook = user_project.hooks.new({"url" => params[:url]})
         if @hook.save
           present @hook, with: Entities::Hook
@@ -141,6 +143,7 @@ module Gitlab
       # Example Request:
       #   DELETE /projects/:id/hooks
       delete ":id/hooks" do
+        authorize! :admin_project, user_project
         @hook = user_project.hooks.find(params[:hook_id])
         @hook.destroy
         nil
author	miks <miks@cubesystems.lv>	2012-09-10 16:50:01 +0300
committer	miks <miks@cubesystems.lv>	2012-09-10 16:50:01 +0300
commit	6d76e000d07300ab9e8e8c74b90db0abcdc48451 (patch)
tree	a6826dbabbdca428b19e9f1a77222b075b486043 /lib/api/projects.rb
parent	2e34a6d3c40a60ed689de5d7870fe663b1959e88 (diff)
download	gitlab-ce-6d76e000d07300ab9e8e8c74b90db0abcdc48451.tar.gz