Authorize read_pipeline before read_build

2018-12-18 14:36:26 +01:00 · 2018-12-18 14:36:26 +01:00 · 89b856e76c
commit 89b856e76c
parent a1c77f2d34
1 changed files with 1 additions and 0 deletions
--- a/lib/api/jobs.rb
+++ b/lib/api/jobs.rb
@ -59,6 +59,7 @@ module API
      # rubocop: disable CodeReuse/ActiveRecord
      get ':id/pipelines/:pipeline_id/jobs' do
        pipeline = user_project.ci_pipelines.find(params[:pipeline_id])
+        authorize!(:read_pipeline, user_project)
        authorize!(:read_build, pipeline)

        builds = pipeline.builds