Clean Ci::ApplicationController from unused permission related code
This commit is contained in:
parent
627909c2a4
commit
8670411ae7
2 changed files with 2 additions and 50 deletions
|
@ -3,52 +3,5 @@ module Ci
|
||||||
def self.railtie_helpers_paths
|
def self.railtie_helpers_paths
|
||||||
"app/helpers/ci"
|
"app/helpers/ci"
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
|
||||||
|
|
||||||
def authorize_access_project!
|
|
||||||
unless can?(current_user, :read_project, project)
|
|
||||||
return page_404
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def authorize_manage_builds!
|
|
||||||
unless can?(current_user, :update_build, project)
|
|
||||||
return page_404
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def authenticate_admin!
|
|
||||||
return render_404 unless current_user.is_admin?
|
|
||||||
end
|
|
||||||
|
|
||||||
def authorize_manage_project!
|
|
||||||
unless can?(current_user, :admin_project, project)
|
|
||||||
return page_404
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def page_404
|
|
||||||
render file: "#{Rails.root}/public/404.html", status: 404, layout: false
|
|
||||||
end
|
|
||||||
|
|
||||||
def default_headers
|
|
||||||
headers['X-Frame-Options'] = 'DENY'
|
|
||||||
headers['X-XSS-Protection'] = '1; mode=block'
|
|
||||||
end
|
|
||||||
|
|
||||||
# JSON for infinite scroll via Pager object
|
|
||||||
def pager_json(partial, count)
|
|
||||||
html = render_to_string(
|
|
||||||
partial,
|
|
||||||
layout: false,
|
|
||||||
formats: [:html]
|
|
||||||
)
|
|
||||||
|
|
||||||
render json: {
|
|
||||||
html: html,
|
|
||||||
count: count
|
|
||||||
}
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,8 +1,7 @@
|
||||||
module Ci
|
module Ci
|
||||||
class ProjectsController < Ci::ApplicationController
|
class ProjectsController < Ci::ApplicationController
|
||||||
before_action :project, except: [:index]
|
before_action :project
|
||||||
before_action :authenticate_user!, except: [:index, :build, :badge]
|
before_action :authorize_read_project!, except: [:badge]
|
||||||
before_action :authorize_access_project!, except: [:index, :badge]
|
|
||||||
before_action :no_cache, only: [:badge]
|
before_action :no_cache, only: [:badge]
|
||||||
protect_from_forgery
|
protect_from_forgery
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue