diff options
Diffstat (limited to 'lib/api/helpers.rb')
| -rw-r--r-- | lib/api/helpers.rb | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index ce7b7b497fc..c0ba874790a 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -21,5 +21,21 @@ module Gitlab def authenticate! error!({'message' => '401 Unauthorized'}, 401) unless current_user end + + def authorize! action, subject + unless abilities.allowed?(current_user, action, subject) + error!({'message' => '403 Forbidden'}, 403) + end + end + + private + + def abilities + @abilities ||= begin + abilities = Six.new + abilities << Ability + abilities + end + end end end |