From 8457f1b11ebe5674cfb99f1fd02cf4e37fc94b7d Mon Sep 17 00:00:00 2001
From: David Fischer <david@readthedocs.org>
Date: Thu, 7 Jun 2018 17:18:47 -0700
Subject: [PATCH] Allow admins to trigger project builds

---
 readthedocs/builds/views.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/readthedocs/builds/views.py b/readthedocs/builds/views.py
index c6335fe36f7..473db6ac245 100644
--- a/readthedocs/builds/views.py
+++ b/readthedocs/builds/views.py
@@ -6,9 +6,13 @@
 
 from django.shortcuts import get_object_or_404
 from django.views.generic import ListView, DetailView
-from django.http import HttpResponsePermanentRedirect, HttpResponseRedirect
-from django.conf import settings
+from django.http import (
+    HttpResponseForbidden,
+    HttpResponsePermanentRedirect,
+    HttpResponseRedirect,
+)
 from django.contrib.auth.decorators import login_required
+from readthedocs.core.permissions import AdminPermission
 from django.core.urlresolvers import reverse
 from django.utils.decorators import method_decorator
 
@@ -38,10 +42,11 @@ class BuildTriggerMixin(object):
 
     @method_decorator(login_required)
     def post(self, request, project_slug):
-        project = get_object_or_404(
-            Project.objects.for_admin_user(self.request.user),
-            slug=project_slug
-        )
+        project = get_object_or_404(Project, slug=project_slug)
+
+        if not AdminPermission.is_admin(request.user, project):
+            return HttpResponseForbidden()
+
         version_slug = request.POST.get('version_slug')
         version = get_object_or_404(
             Version,