Add authorization to Projects::Boards::IssuesController#create action

2016-10-04 15:37:13 -03:00 · 2016-10-04 15:37:13 -03:00 · e7a4bbb04a
parent 905af84716
commit e7a4bbb04a
1 changed files with 5 additions and 0 deletions
--- a/app/controllers/projects/boards/issues_controller.rb
+++ b/app/controllers/projects/boards/issues_controller.rb
@ -2,6 +2,7 @@ module Projects
  module Boards
    class IssuesController < Boards::ApplicationController
      before_action :authorize_read_issue!, only: [:index]
+      before_action :authorize_create_issue!, only: [:create]
      before_action :authorize_update_issue!, only: [:update]

      def index
@ -52,6 +53,10 @@ module Projects
        return render_403 unless can?(current_user, :read_issue, project)
      end

+      def authorize_create_issue!
+        return render_403 unless can?(current_user, :admin_issue, project)
+      end
+
      def authorize_update_issue!
        return render_403 unless can?(current_user, :update_issue, issue)
      end