# frozen_string_literal: true
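# Project-scoped controller for notes: removing a note's attachment and
# resolving / unresolving a note.
#
# Several names used below (authorize_read_note!, noteable, serialize_notes?,
# note_serializer, last_fetched_at, notes_filter, view_to_html_string, ...)
# are not defined in this file; presumably they come from the included
# concerns or the parent controller.
class Projects::NotesController < Projects::ApplicationController
  include RendersNotes
  include NotesActions
  include NotesHelper
  include ToggleAwardEmoji

  before_action :whitelist_query_limiting, only: [:create, :update]
  # No :only/:except, so this filter runs for every action of the controller.
  before_action :authorize_read_note!
  before_action :authorize_create_note!, only: [:create]
  before_action :authorize_resolve_note!, only: [:resolve, :unresolve]

  # Removes the file attached to the note and clears its attachment attribute.
  # Only JS-format requests are answered (empty 200).
  def delete_attachment
    # Deleting an attachment is a write, but the only filter this file attaches
    # to the action is authorize_read_note!. Require the same ability that
    # authorize_admin_note! checks before touching the note.
    #
    # The check is inline on purpose: a callback registered twice under the
    # same method name replaces the earlier registration, so re-declaring
    # `before_action :authorize_admin_note!` here could drop the actions an
    # included concern already protects with it.
    # NOTE(review): the concerns are not visible here; if one of them already
    # guards delete_attachment, this check is redundant but harmless.
    return access_denied! unless can?(current_user, :admin_note, note)

    note.remove_attachment!
    # update_attribute writes the column without running validations.
    note.update_attribute(:attachment, nil)

    respond_to do |format|
      format.js { head :ok }
    end
  end

  # Marks the note as resolved on behalf of the current user.
  # Renders 404 when the note is not resolvable; otherwise renders JSON,
  # either through the notes serializer or as a small hash holding the
  # resolver's name and the re-rendered discussion headline.
  def resolve
    return render_404 unless note.resolvable?

    Notes::ResolveService.new(project, current_user).execute(note)

    discussion = note.discussion

    if serialize_notes?
      render_json_with_notes_serializer
    else
      render json: {
        resolved_by: note.resolved_by.try(:name),
        # nil when the note has no discussion
        discussion_headline_html: (view_to_html_string('discussions/_headline', discussion: discussion) if discussion)
      }
    end
  end

  # Reverts the resolved state of the note.
  # Renders 404 when the note is not resolvable; otherwise renders JSON in the
  # same two shapes as #resolve, minus the resolver's name.
  def unresolve
    return render_404 unless note.resolvable?

    note.unresolve!

    discussion = note.discussion

    if serialize_notes?
      render_json_with_notes_serializer
    else
      render json: {
        # nil when the note has no discussion
        discussion_headline_html: (view_to_html_string('discussions/_headline', discussion: discussion) if discussion)
      }
    end
  end

  private

  # Prepares the current note for rendering and renders its serialized form.
  def render_json_with_notes_serializer
    prepare_notes_for_rendering([note])

    render json: note_serializer.represent(note)
  end

  # Memoized lookup of the note named by params[:id].
  # The lookup goes through @project.notes, so an id that belongs to a note of
  # another project is not found rather than loaded.
  def note
    @note ||= @project.notes.find(params[:id])
  end

  # ToggleAwardEmoji presumably calls #awardable; here it is the note.
  alias_method :awardable, :note

  # Request parameters plus the server-side finder context. The server-side
  # keys are merged last, so they win over same-named request parameters.
  def finder_params
    params.merge(project: project, last_fetched_at: last_fetched_at, notes_filter: notes_filter)
  end

  # Denies access unless the current user has :admin_note on the note.
  # Not registered as a filter in this file.
  def authorize_admin_note!
    return access_denied! unless can?(current_user, :admin_note, note)
  end

  # Denies access unless the current user has :resolve_note on the note.
  def authorize_resolve_note!
    return access_denied! unless can?(current_user, :resolve_note, note)
  end

  # Denies access unless the current user has :create_note on the noteable,
  # but only when the noteable is lockable.
  # NOTE(review): for a non-lockable noteable this filter lets the request
  # through without a :create_note check; presumably creation is authorized
  # elsewhere for those -- confirm.
  def authorize_create_note!
    return unless noteable.lockable?

    access_denied! unless can?(current_user, :create_note, noteable)
  end

  # Passes the tracking issue URL to Gitlab::QueryLimiting.whitelist; runs
  # before create and update (see the before_action at the top of the class).
  def whitelist_query_limiting
    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42383')
  end
end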