Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • allgo allgo
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 82
    • Issues 82
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 11
    • Merge requests 11
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • allgo
  • allgoallgo
  • Merge requests
  • !116

Merged
Created Sep 12, 2018 by BERJON Matthieu@mberjonContributor

Resolve "implement access control in job views"

  • Overview 5
  • Commits 13
  • Pipelines 8
  • Changes 6

There are two mixins that are really similar. One is dedicated to the UI and another one for the API (they don't share exactly the same requirement because of the CSRF protection that needs to be disable on the API part.


Now, a JobAuthorizationMixin has been created. It overrides the dispatch method in order to check if the user can have access to the given job view. If he can't, a 403 HTTP error is sent back.


I added to the JobDetail view a dispatch method in order to restrict the view of a job to its creator and superusers.

Closes #250 (closed)

Edited Sep 27, 2018 by BAIRE Anthony
Assignee
Assign to
Reviewer
Request review from
Time tracking
Source branch: 250-implement-access-control-in-job-views