gitlab-org--gitlab-foss/lib/api/notes.rb

150 lines
5.3 KiB
Ruby
Raw Normal View History

module API
class Notes < Grape::API
2016-12-04 12:11:19 -05:00
include PaginationParams
before { authenticate! }
2017-02-21 18:32:18 -05:00
NOTEABLE_TYPES = [Issue, MergeRequest, Snippet].freeze
2016-11-09 09:26:27 -05:00
params do
requires :id, type: String, desc: 'The ID of a project'
end
resource :projects, requirements: { id: %r{[^/]+} } do
NOTEABLE_TYPES.each do |noteable_type|
noteables_str = noteable_type.to_s.underscore.pluralize
2016-11-09 09:26:27 -05:00
desc 'Get a list of project +noteable+ notes' do
success Entities::Note
end
params do
requires :noteable_id, type: Integer, desc: 'The ID of the noteable'
2016-12-04 12:11:19 -05:00
use :pagination
2016-11-09 09:26:27 -05:00
end
get ":id/#{noteables_str}/:noteable_id/notes" do
noteable = find_project_noteable(noteables_str, params[:noteable_id])
2016-11-09 09:26:27 -05:00
if can?(current_user, noteable_read_ability_name(noteable), noteable)
# We exclude notes that are cross-references and that cannot be viewed
# by the current user. By doing this exclusion at this level and not
# at the DB query level (which we cannot in that case), the current
# page can have less elements than :per_page even if
# there's more than one page.
notes =
# paginate() only works with a relation. This could lead to a
# mismatch between the pagination headers info and the actual notes
# array returned, but this is really a edge-case.
paginate(noteable.notes).
reject { |n| n.cross_reference_not_visible_for?(current_user) }
present notes, with: Entities::Note
else
2016-05-10 15:06:02 -04:00
not_found!("Notes")
end
end
2012-11-29 14:33:41 -05:00
2016-11-09 09:26:27 -05:00
desc 'Get a single +noteable+ note' do
success Entities::Note
end
params do
requires :note_id, type: Integer, desc: 'The ID of a note'
requires :noteable_id, type: Integer, desc: 'The ID of the noteable'
end
get ":id/#{noteables_str}/:noteable_id/notes/:note_id" do
noteable = find_project_noteable(noteables_str, params[:noteable_id])
2016-11-09 09:26:27 -05:00
note = noteable.notes.find(params[:note_id])
can_read_note = can?(current_user, noteable_read_ability_name(noteable), noteable) && !note.cross_reference_not_visible_for?(current_user)
2016-05-16 15:43:19 -04:00
if can_read_note
2016-11-09 09:26:27 -05:00
present note, with: Entities::Note
2016-05-16 15:43:19 -04:00
else
not_found!("Note")
end
2012-11-29 14:33:41 -05:00
end
2012-11-29 15:06:24 -05:00
2016-11-09 09:26:27 -05:00
desc 'Create a new +noteable+ note' do
success Entities::Note
end
params do
requires :noteable_id, type: Integer, desc: 'The ID of the noteable'
requires :body, type: String, desc: 'The content of a note'
optional :created_at, type: String, desc: 'The creation date of the note'
end
post ":id/#{noteables_str}/:noteable_id/notes" do
noteable = find_project_noteable(noteables_str, params[:noteable_id])
opts = {
note: params[:body],
noteable_type: noteables_str.classify,
noteable_id: noteable.id
}
if can?(current_user, noteable_read_ability_name(noteable), noteable)
2017-04-08 22:20:57 -04:00
if params[:created_at] && (current_user.admin? || user_project.owner == current_user)
opts[:created_at] = params[:created_at]
end
2012-11-29 15:06:24 -05:00
note = ::Notes::CreateService.new(user_project, current_user, opts).execute
if note.valid?
2017-02-21 19:51:36 -05:00
present note, with: Entities.const_get(note.class.name)
else
not_found!("Note #{note.errors.messages}")
end
else
not_found!("Note")
2012-11-29 15:06:24 -05:00
end
end
2016-11-09 09:26:27 -05:00
desc 'Update an existing +noteable+ note' do
success Entities::Note
end
params do
requires :noteable_id, type: Integer, desc: 'The ID of the noteable'
requires :note_id, type: Integer, desc: 'The ID of a note'
requires :body, type: String, desc: 'The content of a note'
end
put ":id/#{noteables_str}/:noteable_id/notes/:note_id" do
note = user_project.notes.find(params[:note_id])
authorize! :admin_note, note
opts = {
note: params[:body]
}
2016-11-09 09:26:27 -05:00
note = ::Notes::UpdateService.new(user_project, current_user, opts).execute(note)
2016-11-09 09:26:27 -05:00
if note.valid?
present note, with: Entities::Note
else
render_api_error!("Failed to save note #{note.errors.messages}", 400)
end
end
2016-11-09 09:26:27 -05:00
desc 'Delete a +noteable+ note' do
success Entities::Note
end
params do
requires :noteable_id, type: Integer, desc: 'The ID of the noteable'
requires :note_id, type: Integer, desc: 'The ID of a note'
end
delete ":id/#{noteables_str}/:noteable_id/notes/:note_id" do
2016-04-05 19:21:02 -04:00
note = user_project.notes.find(params[:note_id])
authorize! :admin_note, note
2016-04-12 09:43:29 -04:00
::Notes::DestroyService.new(user_project, current_user).execute(note)
2016-04-05 19:21:02 -04:00
end
end
end
helpers do
def find_project_noteable(noteables_str, noteable_id)
public_send("find_project_#{noteables_str.singularize}", noteable_id)
end
def noteable_read_ability_name(noteable)
"read_#{noteable.class.to_s.underscore}".to_sym
end
end
end
end