Commit 9ea5766c3554843b88bfb65de48872ccd50363e7
1 parent
29306dd6
Improve permissions on tags/branches
Showing
4 changed files
with
11 additions
and
3 deletions
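--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -91,6 +91,10 @@ class ApplicationController < ActionController::Base
 return access_denied! unless can?(current_user, :download_code, project) or project.public?
 end
 
+def authorize_push!
+return access_denied! unless can?(current_user, :push_code, project)
+end
+
 def authorize_create_team!
 return access_denied! unless can?(current_user, :create_team, nil)
 end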
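Review bot: `authorize_push!` carries no comment explaining why it omits the `or project.public?` fallback that the download check at line 91 has, and that difference is what keeps public visibility from granting write access. I would add a comment above the new method, for example `# No project.public? fallback: public visibility grants read access only, never push.` That makes it less likely that a later cleanup aligns the two filters by mistake. The method ending at line 92 starts outside the hunk, so its name is not visible here.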
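--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -3,7 +3,9 @@ class Projects::BranchesController < Projects::ApplicationController
 before_filter :authorize_read_project!
 before_filter :require_non_empty_project
 
-before_filter :authorize_admin_project!, only: [:destroy, :create]
+before_filter :authorize_code_access!
+before_filter :authorize_push!, only: [:create]
+before_filter :authorize_admin_project!, only: [:destroy]
 
 def index
 @branches = Kaminari.paginate_array(@repository.branches).page(params[:page]).per(30)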
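Review bot: `before_filter :authorize_push!, only: [:create]` leaves the `new` action outside the push check, so a user with code access but without `push_code` could still load the new-branch form and would be refused only on submit. The view changed in this commit links to `new_project_branch_path`, which suggests a `new` action exists, although it is not in this hunk. I would write `before_filter :authorize_push!, only: [:new, :create]`. The identical line in tags_controller.rb needs the same change if that controller has a `new` action. The controller body continues past the hunk.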
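--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -1,10 +1,11 @@
 class Projects::TagsController < Projects::ApplicationController
 # Authorize
 before_filter :authorize_read_project!
-before_filter :authorize_code_access!
 before_filter :require_non_empty_project
 
-before_filter :authorize_admin_project!, only: [:destroy, :create]
+before_filter :authorize_code_access!
+before_filter :authorize_push!, only: [:create]
+before_filter :authorize_admin_project!, only: [:destroy]
 
 def index
 @tags = Kaminari.paginate_array(@project.repository.tags).page(params[:page]).per(30)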
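Review bot: `authorize_code_access!` now runs after `require_non_empty_project` (new lines 4 and 6), whereas before this change it ran ahead of it. A user who can read the project but lacks code access would then get the empty-repository response instead of an access-denied one, assuming `require_non_empty_project` renders or redirects for an empty repository; its body is not shown here. Keeping the authorization filters together ahead of the state check, with `before_filter :authorize_code_access!` directly under `before_filter :authorize_read_project!`, avoids that ordering dependency.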
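--- a/app/views/projects/repositories/_filter.html.haml
+++ b/app/views/projects/repositories/_filter.html.haml
@@ -10,6 +10,7 @@
 
 
 %hr
+- if can? current_user, :push_code, @project
 = link_to new_project_branch_path(@project), class: 'btn btn-create' do
 %i.icon-add-sign
 New branch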