From 726fa6c76afc9162fe046439f7f11b729190aaa6 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Sun, 29 Sep 2013 16:04:57 +0300
Subject: Respect authorization in Repository API

* dont allow protect/unprotect branches for users without master permissions
* dont allow access to Repository api for guests
---
 lib/api/helpers.rb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lib/api/helpers.rb')

diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 4f189f35196..fdde6d5de6c 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -64,6 +64,10 @@ module API
       end
     end
 
+    def authorize_admin_project
+      authorize! :admin_project, user_project
+    end
+
     def can?(object, action, subject)
       abilities.allowed?(object, action, subject)
     end
-- 
cgit v1.2.1