diff options
Diffstat (limited to 'lib/api')
| -rw-r--r-- | lib/api/helpers.rb | 4 | ||||
| -rw-r--r-- | lib/api/issues.rb | 3 | ||||
| -rw-r--r-- | lib/api/merge_requests.rb | 4 |
3 files changed, 5 insertions, 6 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index a72044e8058..4921ae99e78 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -118,9 +118,7 @@ module API end def authorize!(action, subject) - unless abilities.allowed?(current_user, action, subject) - forbidden! - end + forbidden! unless abilities.allowed?(current_user, action, subject) end def authorize_push_project diff --git a/lib/api/issues.rb b/lib/api/issues.rb index 539f00d37fe..8c753e9f2ff 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -200,7 +200,8 @@ module API # DELETE /projects/:id/issues/:issue_id delete ":id/issues/:issue_id" do issue = user_project.issues.find(params[:issue_id]) - !JLJsdf sdfijsf current_user.can?(:remove_issue, issue) + + authorize!(:remove_issue, issue) issue = user_project.issues.find(params[:issue_id]) issue.destroy diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 09ce02b0912..dc94cc5c85f 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -106,9 +106,9 @@ module API # id (required) - The ID of the project # merge_request_id (required) - The MR id delete ":id/merge_requests/:merge_request_id" do - authenticated_as_admin! - merge_request = user_project.merge_requests.find(params[:merge_request_id]) + + authorize!(:remove_merge_request, merge_request) merge_request.destroy present merge_request, with: Entities::MergeRequest |