gitlab-org--gitlab-foss/app/controllers/concerns/routable_actions.rb

module RoutableActions
  extend ActiveSupport::Concern

  def find_routable!(routable_klass, requested_full_path, extra_authorization_proc: nil)
    routable = routable_klass.find_by_full_path(requested_full_path, follow_redirects: request.get?)
    if routable_authorized?(routable, extra_authorization_proc)
      ensure_canonical_path(routable, requested_full_path)
      routable
    else
      handle_not_found_or_authorized(routable)
      nil
    end
  end

  # This is overridden in gitlab-ee.
  def handle_not_found_or_authorized(_routable)
    route_not_found
  end

  def routable_authorized?(routable, extra_authorization_proc)
    action = :"read_#{routable.class.to_s.underscore}"
    return false unless can?(current_user, action, routable)

    if extra_authorization_proc
      extra_authorization_proc.call(routable)
    else
      true
    end
  end

  def ensure_canonical_path(routable, requested_full_path)
    return unless request.get?

    canonical_path = routable.full_path
    if canonical_path != requested_full_path
      if canonical_path.casecmp(requested_full_path) != 0
        flash[:notice] = "#{routable.class.to_s.titleize} '#{requested_full_path}' was moved to '#{canonical_path}'. Please update any links and bookmarks that may still have the old path."
      end

      redirect_to build_canonical_path(routable)
    end
  end
end
Redirect from redirect routes to canonical routes 2017-05-01 16:46:30 -04:00			`module RoutableActions`
			`extend ActiveSupport::Concern`

Resolve discussions 2017-05-04 20:06:01 -04:00			`def find_routable!(routable_klass, requested_full_path, extra_authorization_proc: nil)`
Dry up routable lookups. Fixes #30317 Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all. 2017-05-04 17:20:13 -04:00			`routable = routable_klass.find_by_full_path(requested_full_path, follow_redirects: request.get?)`
Fix redirect message for groups and users 2017-05-11 16:57:03 -04:00			`if routable_authorized?(routable, extra_authorization_proc)`
Dry up routable lookups. Fixes #30317 Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all. 2017-05-04 17:20:13 -04:00			`ensure_canonical_path(routable, requested_full_path)`
			`routable`
			`else`
Port `read_cross_project` ability from EE 2017-12-11 09:21:06 -05:00			`handle_not_found_or_authorized(routable)`
Dry up routable lookups. Fixes #30317 Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all. 2017-05-04 17:20:13 -04:00			`nil`
			`end`
			`end`

Port `read_cross_project` ability from EE 2017-12-11 09:21:06 -05:00			`# This is overridden in gitlab-ee.`
			`def handle_not_found_or_authorized(_routable)`
			`route_not_found`
			`end`

Fix redirect message for groups and users 2017-05-11 16:57:03 -04:00			`def routable_authorized?(routable, extra_authorization_proc)`
			`action = :"read_#{routable.class.to_s.underscore}"`
Dry up routable lookups. Fixes #30317 Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all. 2017-05-04 17:20:13 -04:00			`return false unless can?(current_user, action, routable)`

Resolve discussions 2017-05-04 20:06:01 -04:00			`if extra_authorization_proc`
			`extra_authorization_proc.call(routable)`
Dry up routable lookups. Fixes #30317 Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all. 2017-05-04 17:20:13 -04:00			`else`
			`true`
			`end`
			`end`

Fix ensure_canonical_path for top level routes Don’t replace a substring of the path if it is part of the top level route. E.g. When redirecting from `/groups/ups` to `/groups/foo`, be careful not to do `/grofoo/ups`. Projects are unaffected by this issue, but I am grouping the `#ensure_canonical_path` tests similar to the group and user tests. 2017-05-18 15:56:39 -04:00			`def ensure_canonical_path(routable, requested_full_path)`
Redirect from redirect routes to canonical routes 2017-05-01 16:46:30 -04:00			`return unless request.get?`

Resolve discussions 2017-05-04 20:06:01 -04:00			`canonical_path = routable.full_path`
Fix ensure_canonical_path for top level routes Don’t replace a substring of the path if it is part of the top level route. E.g. When redirecting from `/groups/ups` to `/groups/foo`, be careful not to do `/grofoo/ups`. Projects are unaffected by this issue, but I am grouping the `#ensure_canonical_path` tests similar to the group and user tests. 2017-05-18 15:56:39 -04:00			`if canonical_path != requested_full_path`
			`if canonical_path.casecmp(requested_full_path) != 0`
			`flash[:notice] = "#{routable.class.to_s.titleize} '#{requested_full_path}' was moved to '#{canonical_path}'. Please update any links and bookmarks that may still have the old path."`
Resolve discussions 2017-05-04 20:06:01 -04:00			`end`
Adds Rubocop rule for line break around conditionals 2018-01-11 11:34:01 -05:00
Refactor to more robust implementation In order to avoid string manipulation or modify route params (to make them unambiguous for `url_for`), we are accepting a behavior change: When being redirected to the canonical path for a group, if you requested a group show path starting with `/groups/…` then you’ll now be redirected to the group at root `/…`. 2017-05-18 19:23:05 -04:00			`redirect_to build_canonical_path(routable)`
Redirect from redirect routes to canonical routes 2017-05-01 16:46:30 -04:00			`end`
			`end`
			`end`