Use Ability to check pre-requisite. Change back to 403 because:
If we're using `can?` it would look weird to use 409
This commit is contained in:
parent
deb5509f7b
commit
23a3ce946a
|
@ -6,8 +6,7 @@ class Projects::RunnerProjectsController < Projects::ApplicationController
|
|||
def create
|
||||
@runner = Ci::Runner.find(params[:runner_project][:runner_id])
|
||||
|
||||
return head(409) if @runner.is_shared? || @runner.locked?
|
||||
return head(409) unless current_user.ci_authorized_runners.include?(@runner)
|
||||
return head(403) unless can?(current_user, :assign_runner, @runner)
|
||||
|
||||
path = runners_path(project)
|
||||
runner_project = @runner.assign_to(project, current_user)
|
||||
|
|
|
@ -19,6 +19,7 @@ class Ability
|
|||
when ProjectMember then project_member_abilities(user, subject)
|
||||
when User then user_abilities
|
||||
when ExternalIssue, Deployment, Environment then project_abilities(user, subject.project)
|
||||
when Ci::Runner then runner_abilities(user, subject)
|
||||
else []
|
||||
end.concat(global_abilities(user))
|
||||
end
|
||||
|
@ -512,6 +513,18 @@ class Ability
|
|||
rules
|
||||
end
|
||||
|
||||
def runner_abilities(user, runner)
|
||||
if user.is_admin?
|
||||
[:assign_runner]
|
||||
elsif runner.is_shared? || runner.locked?
|
||||
[]
|
||||
elsif user.ci_authorized_runners.include?(runner)
|
||||
[:assign_runner]
|
||||
else
|
||||
[]
|
||||
end
|
||||
end
|
||||
|
||||
def user_abilities
|
||||
[:read_user]
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue