Use Ability to check pre-requisite. Change back to 403 because:
If we're using `can?` it would look weird to use 409
This commit is contained in:
parent
deb5509f7b
commit
23a3ce946a
|
@ -6,8 +6,7 @@ class Projects::RunnerProjectsController < Projects::ApplicationController
|
||||||
def create
|
def create
|
||||||
@runner = Ci::Runner.find(params[:runner_project][:runner_id])
|
@runner = Ci::Runner.find(params[:runner_project][:runner_id])
|
||||||
|
|
||||||
return head(409) if @runner.is_shared? || @runner.locked?
|
return head(403) unless can?(current_user, :assign_runner, @runner)
|
||||||
return head(409) unless current_user.ci_authorized_runners.include?(@runner)
|
|
||||||
|
|
||||||
path = runners_path(project)
|
path = runners_path(project)
|
||||||
runner_project = @runner.assign_to(project, current_user)
|
runner_project = @runner.assign_to(project, current_user)
|
||||||
|
|
|
@ -19,6 +19,7 @@ class Ability
|
||||||
when ProjectMember then project_member_abilities(user, subject)
|
when ProjectMember then project_member_abilities(user, subject)
|
||||||
when User then user_abilities
|
when User then user_abilities
|
||||||
when ExternalIssue, Deployment, Environment then project_abilities(user, subject.project)
|
when ExternalIssue, Deployment, Environment then project_abilities(user, subject.project)
|
||||||
|
when Ci::Runner then runner_abilities(user, subject)
|
||||||
else []
|
else []
|
||||||
end.concat(global_abilities(user))
|
end.concat(global_abilities(user))
|
||||||
end
|
end
|
||||||
|
@ -512,6 +513,18 @@ class Ability
|
||||||
rules
|
rules
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def runner_abilities(user, runner)
|
||||||
|
if user.is_admin?
|
||||||
|
[:assign_runner]
|
||||||
|
elsif runner.is_shared? || runner.locked?
|
||||||
|
[]
|
||||||
|
elsif user.ci_authorized_runners.include?(runner)
|
||||||
|
[:assign_runner]
|
||||||
|
else
|
||||||
|
[]
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def user_abilities
|
def user_abilities
|
||||||
[:read_user]
|
[:read_user]
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue