gitlab-org--gitlab-foss/app/controllers/concerns/issuable_actions.rb

module IssuableActions
  extend ActiveSupport::Concern

  included do
    before_action :labels, only: [:show, :new, :edit]
    before_action :authorize_destroy_issuable!, only: :destroy
    before_action :authorize_admin_issuable!, only: :bulk_update
  end

  def show
    respond_to do |format|
      format.html
      format.json do
        render json: serializer.represent(issuable, serializer: params[:serializer])
      end
    end
  end

  def update
    @issuable = update_service.execute(issuable) # rubocop:disable Gitlab/ModuleWithInstanceVariables

    respond_to do |format|
      format.html do
        recaptcha_check_if_spammable { render :edit }
      end

      format.json do
        recaptcha_check_if_spammable(false) { render_entity_json }
      end
    end

  rescue ActiveRecord::StaleObjectError
    render_conflict_response
  end

  def realtime_changes
    Gitlab::PollingInterval.set_header(response, interval: 3_000)

    response = {
      title: view_context.markdown_field(issuable, :title),
      title_text: issuable.title,
      description: view_context.markdown_field(issuable, :description),
      description_text: issuable.description,
      task_status: issuable.task_status
    }

    if issuable.edited?
      response[:updated_at] = issuable.last_edited_at.to_time.iso8601
      response[:updated_by_name] = issuable.last_edited_by.name
      response[:updated_by_path] = user_path(issuable.last_edited_by)
    end

    render json: response
  end

  def destroy
    Issuable::DestroyService.new(issuable.project, current_user).execute(issuable)

    name = issuable.human_class_name
    flash[:notice] = "The #{name} was successfully deleted."
    index_path = polymorphic_path([parent, issuable.class])

    respond_to do |format|
      format.html { redirect_to index_path }
      format.json do
        render json: {
          web_url: index_path
        }
      end
    end
  end

  def bulk_update
    result = Issuable::BulkUpdateService.new(project, current_user, bulk_update_params).execute(resource_name)
    quantity = result[:count]

    render json: { notice: "#{quantity} #{resource_name.pluralize(quantity)} updated" }
  end

  def discussions
    notes = issuable.notes
      .inc_relations_for_view
      .includes(:noteable)
      .fresh

    notes = prepare_notes_for_rendering(notes)
    notes = notes.reject { |n| n.cross_reference_not_visible_for?(current_user) }

    discussions = Discussion.build_collection(notes, issuable)

    render json: DiscussionSerializer.new(project: project, noteable: issuable, current_user: current_user).represent(discussions, context: self)
  end

  private

  def recaptcha_check_if_spammable(should_redirect = true, &block)
    return yield unless issuable.is_a? Spammable

    recaptcha_check_with_fallback(should_redirect, &block)
  end

  def render_conflict_response
    respond_to do |format|
      format.html do
        @conflict = true # rubocop:disable Gitlab/ModuleWithInstanceVariables
        render :edit
      end

      format.json do
        render json: {
          errors: [
            "Someone edited this #{issuable.human_class_name} at the same time you did. Please refresh your browser and make sure your changes will not unintentionally remove theirs."
          ]
        }, status: 409
      end
    end
  end

  def labels
    @labels ||= LabelsFinder.new(current_user, project_id: @project.id).execute # rubocop:disable Gitlab/ModuleWithInstanceVariables
  end

  def authorize_destroy_issuable!
    unless can?(current_user, :"destroy_#{issuable.to_ability_name}", issuable)
      return access_denied!
    end
  end

  def authorize_admin_issuable!
    unless can?(current_user, :"admin_#{resource_name}", @project) # rubocop:disable Gitlab/ModuleWithInstanceVariables
      return access_denied!
    end
  end

  def authorize_update_issuable!
    render_404 unless can?(current_user, :"update_#{resource_name}", issuable)
  end

  def bulk_update_params
    permitted_keys = [
      :issuable_ids,
      :assignee_id,
      :milestone_id,
      :state_event,
      :subscription_event,
      label_ids: [],
      add_label_ids: [],
      remove_label_ids: []
    ]

    if resource_name == 'issue'
      permitted_keys << { assignee_ids: [] }
    else
      permitted_keys.unshift(:assignee_id)
    end

    params.require(:update).permit(permitted_keys)
  end

  def resource_name
    @resource_name ||= controller_name.singularize
  end

  # rubocop:disable Gitlab/ModuleWithInstanceVariables
  def render_entity_json
    if @issuable.valid?
      render json: serializer.represent(@issuable)
    else
      render json: { errors: @issuable.errors.full_messages }, status: :unprocessable_entity
    end
  end
  # rubocop:enable Gitlab/ModuleWithInstanceVariables

  def serializer
    raise NotImplementedError
  end

  def update_service
    raise NotImplementedError
  end

  def parent
    @project || @group # rubocop:disable Gitlab/ModuleWithInstanceVariables
  end
end
Minor improvements on IssuableActions 2016-03-21 13:12:52 +00:00			`module IssuableActions`
			`extend ActiveSupport::Concern`

			`included do`
Show labels widget on issuable sidebar if project has only group labels 2016-09-26 21:06:46 +00:00			`before_action :labels, only: [:show, :new, :edit]`
Minor improvements on IssuableActions 2016-03-21 13:12:52 +00:00			`before_action :authorize_destroy_issuable!, only: :destroy`
Add bulk update support for merge requests list Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-06 12:49:49 +00:00			`before_action :authorize_admin_issuable!, only: :bulk_update`
Minor improvements on IssuableActions 2016-03-21 13:12:52 +00:00			`end`

CE port of code changed for epics 2017-11-01 17:35:14 +00:00			`def show`
			`respond_to do \|format\|`
Refactor issuables index actions 2017-11-07 13:34:12 +00:00			`format.html`
CE port of code changed for epics 2017-11-01 17:35:14 +00:00			`format.json do`
			`render json: serializer.represent(issuable, serializer: params[:serializer])`
			`end`
			`end`
			`end`

			`def update`
Move ModuleWithInstanceVariables to Gitlab namespace And use .rubocop.yml to exclude paths we don't care, rather than using the cop itself to exclude. 2017-11-22 07:50:36 +00:00			`@issuable = update_service.execute(issuable) # rubocop:disable Gitlab/ModuleWithInstanceVariables`
CE port of code changed for epics 2017-11-01 17:35:14 +00:00
			`respond_to do \|format\|`
			`format.html do`
Add recaptcha_check_if_spammable for issualbes than arent spammables 2017-12-08 18:19:51 +00:00			`recaptcha_check_if_spammable { render :edit }`
CE port of code changed for epics 2017-11-01 17:35:14 +00:00			`end`

			`format.json do`
Add recaptcha_check_if_spammable for issualbes than arent spammables 2017-12-08 18:19:51 +00:00			`recaptcha_check_if_spammable(false) { render_entity_json }`
CE port of code changed for epics 2017-11-01 17:35:14 +00:00			`end`
			`end`

			`rescue ActiveRecord::StaleObjectError`
			`render_conflict_response`
			`end`

			`def realtime_changes`
			`Gitlab::PollingInterval.set_header(response, interval: 3_000)`

			`response = {`
			`title: view_context.markdown_field(issuable, :title),`
			`title_text: issuable.title,`
			`description: view_context.markdown_field(issuable, :description),`
			`description_text: issuable.description,`
			`task_status: issuable.task_status`
			`}`

			`if issuable.edited?`
Return last edited time instead of update time For issuable models we keep two timestamps: updated_at which is updated whenever any model attribute is changed, last_edited_at which is changed when only title or description is changed. In UI bellow description we display who and when updated the item. But last_edited_by (used for 'who') is mistakenly combined with updated_at (when), last_edited_at should be used instead. Closes #41247 2018-01-11 16:22:00 +00:00			`response[:updated_at] = issuable.last_edited_at.to_time.iso8601`
CE port of code changed for epics 2017-11-01 17:35:14 +00:00			`response[:updated_by_name] = issuable.last_edited_by.name`
			`response[:updated_by_path] = user_path(issuable.last_edited_by)`
			`end`

			`render json: response`
			`end`

Minor improvements on IssuableActions 2016-03-21 13:12:52 +00:00			`def destroy`
Minor backport from EE 2017-11-29 10:27:36 +00:00			`Issuable::DestroyService.new(issuable.project, current_user).execute(issuable)`
Minor improvements on IssuableActions 2016-03-21 13:12:52 +00:00
Backport some changes done from Time Tracking feature in EE. 2016-11-19 02:19:04 +00:00			`name = issuable.human_class_name`
Minor improvements on IssuableActions 2016-03-21 13:12:52 +00:00			`flash[:notice] = "The #{name} was successfully deleted."`
Refactor issuable destroy action 2017-11-02 14:51:42 +00:00			`index_path = polymorphic_path([parent, issuable.class])`
Added inline issue edit form actions [ci skip] 2017-05-12 10:23:30 +00:00
			`respond_to do \|format\|`
			`format.html { redirect_to index_path }`
			`format.json do`
			`render json: {`
Warn before moving issue in inline edit form [ci skip] 2017-05-25 10:58:40 +00:00			`web_url: index_path`
Added inline issue edit form actions [ci skip] 2017-05-12 10:23:30 +00:00			`}`
			`end`
			`end`
Minor improvements on IssuableActions 2016-03-21 13:12:52 +00:00			`end`

Add bulk update support for merge requests list Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-06 12:49:49 +00:00			`def bulk_update`
			`result = Issuable::BulkUpdateService.new(project, current_user, bulk_update_params).execute(resource_name)`
			`quantity = result[:count]`

			`render json: { notice: "#{quantity} #{resource_name.pluralize(quantity)} updated" }`
			`end`

Render MR Notes with Vue with behind a cookie 2018-02-28 00:10:43 +00:00			`def discussions`
			`notes = issuable.notes`
			`.inc_relations_for_view`
			`.includes(:noteable)`
			`.fresh`

			`notes = prepare_notes_for_rendering(notes)`
			`notes = notes.reject { \|n\| n.cross_reference_not_visible_for?(current_user) }`

			`discussions = Discussion.build_collection(notes, issuable)`

			`render json: DiscussionSerializer.new(project: project, noteable: issuable, current_user: current_user).represent(discussions, context: self)`
			`end`

Minor improvements on IssuableActions 2016-03-21 13:12:52 +00:00			`private`

Add recaptcha_check_if_spammable for issualbes than arent spammables 2017-12-08 18:19:51 +00:00			`def recaptcha_check_if_spammable(should_redirect = true, &block)`
Backport changes from EE 2017-12-15 11:37:57 +00:00			`return yield unless issuable.is_a? Spammable`
Add recaptcha_check_if_spammable for issualbes than arent spammables 2017-12-08 18:19:51 +00:00
			`recaptcha_check_with_fallback(should_redirect, &block)`
			`end`

Fix issuable stale object error handler for js when updating tasklists 2017-01-16 18:43:03 +00:00			`def render_conflict_response`
			`respond_to do \|format\|`
			`format.html do`
Move ModuleWithInstanceVariables to Gitlab namespace And use .rubocop.yml to exclude paths we don't care, rather than using the cop itself to exclude. 2017-11-22 07:50:36 +00:00			`@conflict = true # rubocop:disable Gitlab/ModuleWithInstanceVariables`
Fix issuable stale object error handler for js when updating tasklists 2017-01-16 18:43:03 +00:00			`render :edit`
			`end`

			`format.json do`
			`render json: {`
			`errors: [`
			`"Someone edited this #{issuable.human_class_name} at the same time you did. Please refresh your browser and make sure your changes will not unintentionally remove theirs."`
			`]`
			`}, status: 409`
			`end`
			`end`
			`end`

Remove project_labels from Projects::ApplicationController 2016-09-20 14:03:41 +00:00			`def labels`
Fix a few layout error 2017-11-22 09:15:46 +00:00			`@labels \|\|= LabelsFinder.new(current_user, project_id: @project.id).execute # rubocop:disable Gitlab/ModuleWithInstanceVariables`
Remove project_labels from Projects::ApplicationController 2016-09-20 14:03:41 +00:00			`end`

Minor improvements on IssuableActions 2016-03-21 13:12:52 +00:00			`def authorize_destroy_issuable!`
Refactor code for bulk update merge requests feature Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-08 12:33:53 +00:00			`unless can?(current_user, :"destroy_#{issuable.to_ability_name}", issuable)`
Minor improvements on IssuableActions 2016-03-21 13:12:52 +00:00			`return access_denied!`
			`end`
			`end`
Add bulk update support for merge requests list Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-06 12:49:49 +00:00
			`def authorize_admin_issuable!`
Move ModuleWithInstanceVariables to Gitlab namespace And use .rubocop.yml to exclude paths we don't care, rather than using the cop itself to exclude. 2017-11-22 07:50:36 +00:00			`unless can?(current_user, :"admin_#{resource_name}", @project) # rubocop:disable Gitlab/ModuleWithInstanceVariables`
Add bulk update support for merge requests list Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-06 12:49:49 +00:00			`return access_denied!`
			`end`
			`end`

CE port of code changed for epics 2017-11-01 17:35:14 +00:00			`def authorize_update_issuable!`
			`render_404 unless can?(current_user, :"update_#{resource_name}", issuable)`
			`end`

Add bulk update support for merge requests list Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-06 12:49:49 +00:00			`def bulk_update_params`
fix for Follow-up from "Backport of Multiple Assignees feature 2017-05-08 14:58:42 +00:00			`permitted_keys = [`
Add bulk update support for merge requests list Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-06 12:49:49 +00:00			`:issuable_ids,`
			`:assignee_id,`
			`:milestone_id,`
			`:state_event,`
			`:subscription_event,`
			`label_ids: [],`
			`add_label_ids: [],`
			`remove_label_ids: []`
fix for Follow-up from "Backport of Multiple Assignees feature 2017-05-08 14:58:42 +00:00			`]`

			`if resource_name == 'issue'`
			`permitted_keys << { assignee_ids: [] }`
			`else`
			`permitted_keys.unshift(:assignee_id)`
			`end`

			`params.require(:update).permit(permitted_keys)`
Add bulk update support for merge requests list Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-06 12:49:49 +00:00			`end`

			`def resource_name`
			`@resource_name \|\|= controller_name.singularize`
			`end`
CE port of code changed for epics 2017-11-01 17:35:14 +00:00
Move ModuleWithInstanceVariables to Gitlab namespace And use .rubocop.yml to exclude paths we don't care, rather than using the cop itself to exclude. 2017-11-22 07:50:36 +00:00			`# rubocop:disable Gitlab/ModuleWithInstanceVariables`
CE port of code changed for epics 2017-11-01 17:35:14 +00:00			`def render_entity_json`
			`if @issuable.valid?`
			`render json: serializer.represent(@issuable)`
			`else`
			`render json: { errors: @issuable.errors.full_messages }, status: :unprocessable_entity`
			`end`
			`end`
Move ModuleWithInstanceVariables to Gitlab namespace And use .rubocop.yml to exclude paths we don't care, rather than using the cop itself to exclude. 2017-11-22 07:50:36 +00:00			`# rubocop:enable Gitlab/ModuleWithInstanceVariables`
CE port of code changed for epics 2017-11-01 17:35:14 +00:00
			`def serializer`
			`raise NotImplementedError`
			`end`

			`def update_service`
			`raise NotImplementedError`
			`end`
Refactor issuable destroy action 2017-11-02 14:51:42 +00:00
			`def parent`
Move ModuleWithInstanceVariables to Gitlab namespace And use .rubocop.yml to exclude paths we don't care, rather than using the cop itself to exclude. 2017-11-22 07:50:36 +00:00			`@project \|\| @group # rubocop:disable Gitlab/ModuleWithInstanceVariables`
Refactor issuable destroy action 2017-11-02 14:51:42 +00:00			`end`
Minor improvements on IssuableActions 2016-03-21 13:12:52 +00:00			`end`