deac/gitlabhq
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Security for online editor. Replace dev_access?, master_access? with can? method usage

Browse source
This commit is contained in:
randx 2012-10-21 12:12:14 +03:00
parent 5ec1ad8b23
commit 0189ee97ed
7 changed files with 56 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/roles/authority.rb
View file

@ -53,6 +53,6 @@ module Authority
end
def master_access_for?(user)
!users_projects.where(user_id: user.id, project_access: [UsersProject::MASTER]).empty? || owner_id == user.id
!users_projects.where(user_id: user.id, project_access: [UsersProject::MASTER]).empty?
end
end