From 28dabc67f4db8271ac20c0db458ae2c86a906eee Mon Sep 17 00:00:00 2001 From: Thong Kuah Date: Wed, 31 Oct 2018 23:31:24 +1300 Subject: Restore 403 functionality for external auth (EE) When we unhooked ClustersController from Project::ApplicationsController, we missed an EE override to handle_not_found_or_authorized. Rather than carry on with override RoutingActions, make a specific proc for Project that we override in EE instead. Use that proc in both Clusters::BaseController and Project::ApplicationsController. --- app/controllers/projects/application_controller.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'app/controllers/projects/application_controller.rb') diff --git a/app/controllers/projects/application_controller.rb b/app/controllers/projects/application_controller.rb index a2bdcaefa9b..e0677ce3fbc 100644 --- a/app/controllers/projects/application_controller.rb +++ b/app/controllers/projects/application_controller.rb @@ -3,6 +3,7 @@ class Projects::ApplicationController < ApplicationController include CookiesHelper include RoutableActions + include ProjectUnauthorized include ChecksCollaboration skip_before_action :authenticate_user! @@ -21,7 +22,7 @@ class Projects::ApplicationController < ApplicationController path = File.join(params[:namespace_id], params[:project_id] || params[:id]) auth_proc = ->(project) { !project.pending_delete? } - @project = find_routable!(Project, path, extra_authorization_proc: auth_proc) + @project = find_routable!(Project, path, extra_authorization_proc: auth_proc, not_found_or_authorized_proc: project_unauthorized_proc) end def build_canonical_path(project) -- cgit v1.2.1