From 1d7782281693a94b2d8efcdd9d05f81fefae75f9 Mon Sep 17 00:00:00 2001 From: Zeger-Jan van de Weg Date: Fri, 18 Mar 2016 19:11:25 +0100 Subject: minor improvements and fixed specs --- lib/api/helpers.rb | 4 +--- lib/api/issues.rb | 3 ++- lib/api/merge_requests.rb | 4 ++-- 3 files changed, 5 insertions(+), 6 deletions(-) (limited to 'lib/api') diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index a72044e8058..4921ae99e78 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -118,9 +118,7 @@ module API end def authorize!(action, subject) - unless abilities.allowed?(current_user, action, subject) - forbidden! - end + forbidden! unless abilities.allowed?(current_user, action, subject) end def authorize_push_project diff --git a/lib/api/issues.rb b/lib/api/issues.rb index 539f00d37fe..8c753e9f2ff 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -200,7 +200,8 @@ module API # DELETE /projects/:id/issues/:issue_id delete ":id/issues/:issue_id" do issue = user_project.issues.find(params[:issue_id]) - !JLJsdf sdfijsf current_user.can?(:remove_issue, issue) + + authorize!(:remove_issue, issue) issue = user_project.issues.find(params[:issue_id]) issue.destroy diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 09ce02b0912..dc94cc5c85f 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -106,9 +106,9 @@ module API # id (required) - The ID of the project # merge_request_id (required) - The MR id delete ":id/merge_requests/:merge_request_id" do - authenticated_as_admin! - merge_request = user_project.merge_requests.find(params[:merge_request_id]) + + authorize!(:remove_merge_request, merge_request) merge_request.destroy present merge_request, with: Entities::MergeRequest -- cgit v1.2.1