| ... | @@ -6,8 +6,18 @@ class MergeRequestsController < ApplicationController |
... | @@ -6,8 +6,18 @@ class MergeRequestsController < ApplicationController |
|
|
|
|
|
|
|
# Authorize
|
|
# Authorize
|
|
|
before_filter :add_project_abilities
|
|
before_filter :add_project_abilities
|
|
|
before_filter :authorize_read_project!
|
|
|
|
|
before_filter :authorize_write_project!, :only => [:new, :create, :edit, :update]
|
|
# Allow read any merge_request
|
|
|
|
before_filter :authorize_read_merge_request!
|
|
|
|
|
|
|
|
# Allow write(create) merge_request
|
|
|
|
before_filter :authorize_write_merge_request!, :only => [:new, :create]
|
|
|
|
|
|
|
|
# Allow modify merge_request
|
|
|
|
before_filter :authorize_modify_merge_request!, :only => [:close, :edit, :update, :sort]
|
|
|
|
|
|
|
|
# Allow destroy merge_request
|
|
|
|
before_filter :authorize_admin_merge_request!, :only => [:destroy]
|
|
|
|
|
|
|
|
def index
|
|
def index
|
|
|
@merge_requests = @project.merge_requests
|
|
@merge_requests = @project.merge_requests
|
| ... | @@ -85,4 +95,13 @@ class MergeRequestsController < ApplicationController |
... | @@ -85,4 +95,13 @@ class MergeRequestsController < ApplicationController |
|
|
def merge_request
|
|
def merge_request
|
|
|
@merge_request ||= @project.merge_requests.find(params[:id])
|
|
@merge_request ||= @project.merge_requests.find(params[:id])
|
|
|
end
|
|
end
|
|
|
|
|
|
|
|
def authorize_modify_merge_request!
|
|
|
|
can?(current_user, :modify_merge_request, @merge_request) ||
|
|
|
|
@merge_request.assignee == current_user
|
|
|
|
end
|
|
|
|
|
|
|
|
def authorize_admin_merge_request!
|
|
|
|
can?(current_user, :admin_merge_request, @merge_request)
|
|
|
|
end
|
|
|
end |
|
end |