gitlab-org--gitlab-foss/app/controllers/projects/snippets_controller.rb

class Projects::SnippetsController < Projects::ApplicationController
  include ToggleAwardEmoji
  include SpammableActions
  include SnippetsActions

  before_action :module_enabled
  before_action :snippet, only: [:show, :edit, :destroy, :update, :raw, :toggle_award_emoji, :mark_as_spam]

  # Allow read any snippet
  before_action :authorize_read_project_snippet!, except: [:new, :create, :index]

  # Allow write(create) snippet
  before_action :authorize_create_project_snippet!, only: [:new, :create]

  # Allow modify snippet
  before_action :authorize_update_project_snippet!, only: [:edit, :update]

  # Allow destroy snippet
  before_action :authorize_admin_project_snippet!, only: [:destroy]

  respond_to :html

  def index
    @snippets = SnippetsFinder.new.execute(
      current_user,
      filter: :by_project,
      project: @project,
      scope: params[:scope]
    )
    @snippets = @snippets.page(params[:page])
    if @snippets.out_of_range? && @snippets.total_pages != 0
      redirect_to namespace_project_snippets_path(page: @snippets.total_pages)
    end
  end

  def new
    @snippet = @noteable = @project.snippets.build
  end

  def create
    create_params = snippet_params.merge(request: request)
    @snippet = CreateSnippetService.new(@project, current_user, create_params).execute

    if @snippet.valid?
      respond_with(@snippet,
                   location: namespace_project_snippet_path(@project.namespace,
                                                            @project, @snippet))
    else
      render :new
    end
  end

  def update
    UpdateSnippetService.new(project, current_user, @snippet,
                             snippet_params).execute
    respond_with(@snippet,
                 location: namespace_project_snippet_path(@project.namespace,
                                                          @project, @snippet))
  end

  def show
    @note = @project.notes.new(noteable: @snippet)
    @notes = Banzai::NoteRenderer.render(@snippet.notes.fresh, @project, current_user)
    @noteable = @snippet
  end

  def destroy
    return access_denied! unless can?(current_user, :admin_project_snippet, @snippet)

    @snippet.destroy

    redirect_to namespace_project_snippets_path(@project.namespace, @project)
  end

  protected

  def snippet
    @snippet ||= @project.snippets.find(params[:id])
  end
  alias_method :awardable, :snippet
  alias_method :spammable, :snippet

  def authorize_read_project_snippet!
    return render_404 unless can?(current_user, :read_project_snippet, @snippet)
  end

  def authorize_update_project_snippet!
    return render_404 unless can?(current_user, :update_project_snippet, @snippet)
  end

  def authorize_admin_project_snippet!
    return render_404 unless can?(current_user, :admin_project_snippet, @snippet)
  end

  def module_enabled
    return render_404 unless @project.feature_available?(:snippets, current_user)
  end

  def snippet_params
    params.require(:project_snippet).permit(:title, :content, :file_name, :private, :visibility_level)
  end
end
Project snippets moved to /projects 2013-03-23 19:13:51 +00:00			`class Projects::SnippetsController < Projects::ApplicationController`
Start Frontend work, fix routing problem 2016-09-04 08:51:12 +00:00			`include ToggleAwardEmoji`
Check public snippets for spam Apply the same spam checks to public snippets (either personal snippets that are public, or public snippets on public projects) as to issues on public projects. 2017-02-01 18:15:59 +00:00			`include SpammableActions`
Download snippets with LF line-endings by default 2017-02-06 15:04:00 +00:00			`include SnippetsActions`
Start Frontend work, fix routing problem 2016-09-04 08:51:12 +00:00
Fixed the Rails/ActionFilter cop Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-04-16 12:03:37 +00:00			`before_action :module_enabled`
Check public snippets for spam Apply the same spam checks to public snippets (either personal snippets that are public, or public snippets on public projects) as to issues on public projects. 2017-02-01 18:15:59 +00:00			`before_action :snippet, only: [:show, :edit, :destroy, :update, :raw, :toggle_award_emoji, :mark_as_spam]`
Private field added to snippet 2013-03-23 18:14:37 +00:00
			`# Allow read any snippet`
Ensure project snippets have their own access level 2016-03-25 17:51:17 +00:00			`before_action :authorize_read_project_snippet!, except: [:new, :create, :index]`
Private field added to snippet 2013-03-23 18:14:37 +00:00
			`# Allow write(create) snippet`
Update controller filters Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-06-26 14:44:21 +00:00			`before_action :authorize_create_project_snippet!, only: [:new, :create]`
Private field added to snippet 2013-03-23 18:14:37 +00:00
			`# Allow modify snippet`
Update controller filters Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-06-26 14:44:21 +00:00			`before_action :authorize_update_project_snippet!, only: [:edit, :update]`
Private field added to snippet 2013-03-23 18:14:37 +00:00
			`# Allow destroy snippet`
Fixed the Rails/ActionFilter cop Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-04-16 12:03:37 +00:00			`before_action :authorize_admin_project_snippet!, only: [:destroy]`
Private field added to snippet 2013-03-23 18:14:37 +00:00
			`respond_to :html`

			`def index`
add scope filters to project snippets page 2016-12-07 22:35:53 +00:00			`@snippets = SnippetsFinder.new.execute(`
			`current_user,`
Snippets: public/internal/private 2014-10-08 13:44:25 +00:00			`filter: :by_project,`
add scope filters to project snippets page 2016-12-07 22:35:53 +00:00			`project: @project,`
			`scope: params[:scope]`
			`)`
adds specs for respective behaviour 2016-12-20 18:52:09 +00:00			`@snippets = @snippets.page(params[:page])`
			`if @snippets.out_of_range? && @snippets.total_pages != 0`
			`redirect_to namespace_project_snippets_path(page: @snippets.total_pages)`
			`end`
Private field added to snippet 2013-03-23 18:14:37 +00:00			`end`

			`def new`
Fix autocomplete for new issues/MRs/snippets 2016-01-15 10:29:53 +00:00			`@snippet = @noteable = @project.snippets.build`
Private field added to snippet 2013-03-23 18:14:37 +00:00			`end`

			`def create`
Check public snippets for spam Apply the same spam checks to public snippets (either personal snippets that are public, or public snippets on public projects) as to issues on public projects. 2017-02-01 18:15:59 +00:00			`create_params = snippet_params.merge(request: request)`
			`@snippet = CreateSnippetService.new(@project, current_user, create_params).execute`
Fix 500 error when try to create project snippet without content Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-08-26 21:59:52 +00:00
			`if @snippet.valid?`
			`respond_with(@snippet,`
			`location: namespace_project_snippet_path(@project.namespace,`
			`@project, @snippet))`
			`else`
			`render :new`
			`end`
Private field added to snippet 2013-03-23 18:14:37 +00:00			`end`

			`def update`
Enforce restricted visibilities for snippets Add new service classes to create and update project and personal snippets. These classes are responsible for enforcing restricted visibility settings for non-admin users. 2015-03-07 19:47:06 +00:00			`UpdateSnippetService.new(project, current_user, @snippet,`
			`snippet_params).execute`
			`respond_with(@snippet,`
			`location: namespace_project_snippet_path(@project.namespace,`
			`@project, @snippet))`
Private field added to snippet 2013-03-23 18:14:37 +00:00			`end`

			`def show`
			`@note = @project.notes.new(noteable: @snippet)`
Fix snippets comments not displayed The issue was that @notes were not passed to Banzai::NoteRenderer.render in Projects::SnippetsController#show. This was forgotten in d470f3d1. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-01 15:15:48 +00:00			`@notes = Banzai::NoteRenderer.render(@snippet.notes.fresh, @project, current_user)`
Update commentable controllers with new note vars Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-12-25 20:32:48 +00:00			`@noteable = @snippet`
Private field added to snippet 2013-03-23 18:14:37 +00:00			`end`

			`def destroy`
Snippets feature refactored. Tests now use spinach 2013-03-24 18:31:14 +00:00			`return access_denied! unless can?(current_user, :admin_project_snippet, @snippet)`
Private field added to snippet 2013-03-23 18:14:37 +00:00
			`@snippet.destroy`

Upgrade to Rails 4.1.9 Make the following changes to deal with new behavior in Rails 4.1.2: * Use nested resources to avoid slashes in arguments to path helpers. 2015-01-24 18:02:58 +00:00			`redirect_to namespace_project_snippets_path(@project.namespace, @project)`
Private field added to snippet 2013-03-23 18:14:37 +00:00			`end`

			`protected`

			`def snippet`
			`@snippet \|\|= @project.snippets.find(params[:id])`
			`end`
Start Frontend work, fix routing problem 2016-09-04 08:51:12 +00:00			`alias_method :awardable, :snippet`
Check public snippets for spam Apply the same spam checks to public snippets (either personal snippets that are public, or public snippets on public projects) as to issues on public projects. 2017-02-01 18:15:59 +00:00			`alias_method :spammable, :snippet`
Private field added to snippet 2013-03-23 18:14:37 +00:00
Ensure private project snippets are not viewable by unauthorized people Fix https://gitlab.com/gitlab-org/gitlab-ce/issues/14607. 2016-03-25 11:31:43 +00:00			`def authorize_read_project_snippet!`
			`return render_404 unless can?(current_user, :read_project_snippet, @snippet)`
			`end`

Update controller filters Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-06-26 14:44:21 +00:00			`def authorize_update_project_snippet!`
Rename abilities to correspond contoller/model action names write_ was renamed to create_ modify_ was renamed to update_ So now in update action we have next code def create can?(current_user, :create_issue, @issue) end def update can?(current_user, :update_issue, @issue) end Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-06-26 13:55:56 +00:00			`return render_404 unless can?(current_user, :update_project_snippet, @snippet)`
Private field added to snippet 2013-03-23 18:14:37 +00:00			`end`

Permissions for Project Snippet fixed 2013-03-25 10:22:14 +00:00			`def authorize_admin_project_snippet!`
Snippets feature refactored. Tests now use spinach 2013-03-24 18:31:14 +00:00			`return render_404 unless can?(current_user, :admin_project_snippet, @snippet)`
Private field added to snippet 2013-03-23 18:14:37 +00:00			`end`

			`def module_enabled`
Project tools visibility level 2016-08-01 22:31:21 +00:00			`return render_404 unless @project.feature_available?(:snippets, current_user)`
Private field added to snippet 2013-03-23 18:14:37 +00:00			`end`
Project hook, milestone, snippet strong params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 15:51:11 +00:00
			`def snippet_params`
Snippets: public/internal/private 2014-10-08 13:44:25 +00:00			`params.require(:project_snippet).permit(:title, :content, :file_name, :private, :visibility_level)`
Project hook, milestone, snippet strong params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 15:51:11 +00:00			`end`
Private field added to snippet 2013-03-23 18:14:37 +00:00			`end`