Commit 6d76e000d07300ab9e8e8c74b90db0abcdc48451
1 parent
2e34a6d3
Exists in
master
and in
4 other branches
Add authorization to hooks requests
Showing
1 changed file
with
3 additions
and
0 deletions
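--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -113,6 +113,7 @@ module Gitlab
 # Example Request:
 # GET /projects/:id/hooks
 get ":id/hooks" do
+authorize! :admin_project, user_project
 @hooks = paginate user_project.hooks
 present @hooks, with: Entities::Hook
 end
@@ -125,6 +126,7 @@ module Gitlab
 # Example Request:
 # POST /projects/:id/hooks
 post ":id/hooks" do
+authorize! :admin_project, user_project
 @hook = user_project.hooks.new({"url" => params[:url]})
 if @hook.save
 present @hook, with: Entities::Hook
@@ -141,6 +143,7 @@ module Gitlab
 # Example Request:
 # DELETE /projects/:id/hooks
 delete ":id/hooks" do
+authorize! :admin_project, user_project
 @hook = user_project.hooks.find(params[:hook_id])
 @hook.destroy
 nil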
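Review bot: The `authorize! :admin_project, user_project` check is pasted by hand into the GET, POST and DELETE `:id/hooks` routes, and the commit changes only `lib/api/projects.rb`, so no spec pins the denial path. Hook URLs can carry tokens or point at internal services, so a request spec asserting that a project member without `:admin_project` is refused on each of the three verbs would keep this from regressing silently. The comment block above each route should also state the requirement, for example `# Requires :admin_project permission on the project`. Any hooks route outside these hunks would need the same line, and the POST and DELETE blocks continue past the visible lines, so their remaining branches were not reviewed here.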