Add a comment about implementing proper policies for group runner permissions

This commit is contained in:
Dylan Griffith 2018-05-07 08:56:59 +02:00
parent 8f29d9c6ee
commit 131ca31b23
2 changed files with 5 additions and 0 deletions

View file

@ -1,5 +1,8 @@
class Groups::RunnersController < Groups::ApplicationController
# Proper policies should be implemented per
# https://gitlab.com/gitlab-org/gitlab-ce/issues/45894
before_action :authorize_admin_pipeline!
before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show]
def show

View file

@ -4,6 +4,8 @@
GitLab Group Runners can execute code for all the projects in this group.
They can be managed using the #{link_to 'Runners API', help_page_path('api/runners.md')}.
-# Proper policies should be implemented per
-# https://gitlab.com/gitlab-org/gitlab-ce/issues/45894
- if can?(current_user, :admin_pipeline, @group)
= render partial: 'ci/runner/how_to_setup_runner',
locals: { registration_token: @group.runners_token, type: 'group' }