Add authorization to hooks requests

miks
1 parent 2e34a6d3
Showing 1 changed file with 3 additions and 0 deletions Show diff stats
lib/api/projects.rb
@@ -113,6 +113,7 @@ module Gitlab
       # Example Request:
       #   GET /projects/:id/hooks
       get ":id/hooks" do
+        authorize! :admin_project, user_project
         @hooks = paginate user_project.hooks
         present @hooks, with: Entities::Hook
       end
@@ -125,6 +126,7 @@ module Gitlab
       # Example Request:
       #   POST /projects/:id/hooks
       post ":id/hooks" do
+        authorize! :admin_project, user_project
         @hook = user_project.hooks.new({"url" => params[:url]})
         if @hook.save
           present @hook, with: Entities::Hook
@@ -141,6 +143,7 @@ module Gitlab
       # Example Request:
       #   DELETE /projects/:id/hooks
       delete ":id/hooks" do
+        authorize! :admin_project, user_project
         @hook = user_project.hooks.find(params[:hook_id])
         @hook.destroy
         nil
...	...	@@ -113,6 +113,7 @@ module Gitlab
113	113	# Example Request:
114	114	# GET /projects/:id/hooks
115	115	get ":id/hooks" do
	116	+ authorize! :admin_project, user_project
116	117	@hooks = paginate user_project.hooks
117	118	present @hooks, with: Entities::Hook
118	119	end
...	...	@@ -125,6 +126,7 @@ module Gitlab
125	126	# Example Request:
126	127	# POST /projects/:id/hooks
127	128	post ":id/hooks" do
	129	+ authorize! :admin_project, user_project
128	130	@hook = user_project.hooks.new({"url" => params[:url]})
129	131	if @hook.save
130	132	present @hook, with: Entities::Hook
...	...	@@ -141,6 +143,7 @@ module Gitlab
141	143	# Example Request:
142	144	# DELETE /projects/:id/hooks
143	145	delete ":id/hooks" do
	146	+ authorize! :admin_project, user_project
144	147	@hook = user_project.hooks.find(params[:hook_id])
145	148	@hook.destroy
146	149	nil
...	...