From 131ca31b23863226e57e0e3dd2ea78f91573f631 Mon Sep 17 00:00:00 2001
From: Dylan Griffith
Date: Mon, 7 May 2018 08:56:59 +0200
Subject: [PATCH] Add a comment about implementing proper policies for group runner permissions
---
 app/controllers/groups/runners_controller.rb | 3 +++
 app/views/groups/runners/_group_runners.html.haml | 2 ++
 2 files changed, 5 insertions(+)
diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb
index 152966e0fbc..c09ae335882 100644
--- a/app/controllers/groups/runners_controller.rb
+++ b/app/controllers/groups/runners_controller.rb
@@ -1,5 +1,8 @@
 class Groups::RunnersController < Groups::ApplicationController
+ # Proper policies should be implemented per
+ # https://gitlab.com/gitlab-org/gitlab-ce/issues/45894
 before_action :authorize_admin_pipeline!
+
 before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show]
 def show
diff --git a/app/views/groups/runners/_group_runners.html.haml b/app/views/groups/runners/_group_runners.html.haml
index d1616b537f9..f0e8735b54e 100644
--- a/app/views/groups/runners/_group_runners.html.haml
+++ b/app/views/groups/runners/_group_runners.html.haml
@@ -4,6 +4,8 @@
 GitLab Group Runners can execute code for all the projects in this group.
 They can be managed using the #{link_to 'Runners API', help_page_path('api/runners.md')}.
+-# Proper policies should be implemented per
+-# https://gitlab.com/gitlab-org/gitlab-ce/issues/45894
 - if can?(current_user, :admin_pipeline, @group)
 = render partial: 'ci/runner/how_to_setup_runner', locals: { registration_token: @group.runners_token, type: 'group' }
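Review bot: The comment added above `before_action :authorize_admin_pipeline!` in `Groups::RunnersController` does not say what is improper about the current check, so a reader cannot tell whether the filter is too broad, too narrow, or only borrowed from another feature. Presumably the concern is that runner management is authorized through the pipeline ability rather than a runner-specific one; if that is the case, state it and mark it as a follow-up, e.g. `# TODO: runner actions are authorized via :admin_pipeline; replace with a dedicated runner policy, see https://gitlab.com/gitlab-org/gitlab-ce/issues/45894`. The same wording is repeated in the `_group_runners.html.haml` hunk, and the two checks will have to be changed together when the policy lands. The class body continues outside the hunk, so any other filters on these actions are not visible here.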
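Review bot: In `_group_runners.html.haml` the `can?(current_user, :admin_pipeline, @group)` guard under the new comment is what decides who is shown `@group.runners_token`, and the comment does not record that. Whoever replaces the ability per the linked issue should know that loosening it discloses the group's runner registration token, so a second comment line such as `-# This check gates display of the group runner registration token.` would help. The view repeats the controller's authorization decision by hand, so it is worth confirming in review that both sites still name the same ability.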