Improve authorization for new/edit blob pages
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
This commit is contained in:
parent
4645f464a3
commit
237ddd6024
|
@ -6,6 +6,7 @@ class Projects::BlobController < Projects::ApplicationController
|
|||
before_filter :authorize_read_project!
|
||||
before_filter :authorize_code_access!
|
||||
before_filter :require_non_empty_project
|
||||
before_filter :authorize_push!, only: [:destroy]
|
||||
|
||||
before_filter :blob
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
class Projects::EditTreeController < Projects::BaseTreeController
|
||||
before_filter :require_branch_head
|
||||
before_filter :blob
|
||||
before_filter :authorize_push!
|
||||
|
||||
def show
|
||||
@last_commit = Gitlab::Git::Commit.last_for_path(@repository, @ref, @path).sha
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
class Projects::NewTreeController < Projects::BaseTreeController
|
||||
before_filter :require_branch_head
|
||||
before_filter :authorize_push!
|
||||
|
||||
def show
|
||||
end
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
= link_to truncate(title, length: 40), project_tree_path(@project, path)
|
||||
- else
|
||||
= link_to title, '#'
|
||||
- if @repository.branch_names.include?(@ref)
|
||||
- if current_user && @repository.branch_names.include?(@ref) && current_user.can?(:push_code, @project)
|
||||
%li
|
||||
= link_to project_new_tree_path(@project, @id), title: 'New file', id: 'new-file-link' do
|
||||
%small
|
||||
|
|
Loading…
Reference in New Issue