gitlab-org--gitlab-foss/app/controllers/projects/issues_controller.rb

class Projects::IssuesController < Projects::ApplicationController
  before_filter :module_enabled
  before_filter :issue, only: [:edit, :update, :show]

  # Allow read any issue
  before_filter :authorize_read_issue!

  # Allow write(create) issue
  before_filter :authorize_write_issue!, only: [:new, :create]

  # Allow modify issue
  before_filter :authorize_modify_issue!, only: [:edit, :update]

  # Allow issues bulk update
  before_filter :authorize_admin_issues!, only: [:bulk_update]

  respond_to :html

  def index
    terms = params['issue_search']

    @issues = issues_filtered
    @issues = @issues.full_search(terms) if terms.present?
    @issues = @issues.page(params[:page]).per(20)

    assignee_id, milestone_id = params[:assignee_id], params[:milestone_id]
    @assignee = @project.team.find(assignee_id) if assignee_id.present? && !assignee_id.to_i.zero?
    @milestone = @project.milestones.find(milestone_id) if milestone_id.present? && !milestone_id.to_i.zero?
    sort_param = params[:sort] || 'newest'
    @sort = sort_param.humanize unless sort_param.empty?
    @assignees = User.where(id: @project.issues.pluck(:assignee_id))

    respond_to do |format|
      format.html
      format.atom { render layout: false }
      format.json do
        render json: {
          html: view_to_html_string("projects/issues/_issues")
        }
      end
    end
  end

  def new
    params[:issue] ||= ActionController::Parameters.new(
      assignee_id: ""
    )

    @issue = @project.issues.new(issue_params)
    respond_with(@issue)
  end

  def edit
    respond_with(@issue)
  end

  def show
    @note = @project.notes.new(noteable: @issue)
    @notes = @issue.notes.inc_author.fresh
    @noteable = @issue

    respond_with(@issue)
  end

  def create
    @issue = Issues::CreateService.new(project, current_user, issue_params).execute

    respond_to do |format|
      format.html do
        if @issue.valid?
          redirect_to project_issue_path(@project, @issue)
        else
          render :new
        end
      end
      format.js do |format|
        @link = @issue.attachment.url.to_js
      end
    end
  end

  def update
    @issue = Issues::UpdateService.new(project, current_user, issue_params).execute(issue)

    respond_to do |format|
      format.js
      format.html do
        if @issue.valid?
          redirect_to [@project, @issue]
        else
          render :edit
        end
      end
      format.json do
        render json: {
          saved: @issue.valid?,
          assignee_avatar_url: @issue.assignee.try(:avatar_url)
        }
      end
    end
  end

  def bulk_update
    result = Issues::BulkUpdateService.new(project, current_user, params).execute
    redirect_to :back, notice: "#{result[:count]} issues updated"
  end

  protected

  def issue
    @issue ||= begin
                 @project.issues.find_by!(iid: params[:id])
               rescue ActiveRecord::RecordNotFound
                 redirect_old
               end
  end

  def authorize_modify_issue!
    return render_404 unless can?(current_user, :modify_issue, @issue)
  end

  def authorize_admin_issues!
    return render_404 unless can?(current_user, :admin_issue, @project)
  end

  def module_enabled
    return render_404 unless @project.issues_enabled
  end

  def issues_filtered
    params[:scope] = 'all' if params[:scope].blank?
    params[:state] = 'opened' if params[:state].blank?
    @issues = IssuesFinder.new.execute(current_user, params.merge(project_id: @project.id))
  end

  # Since iids are implemented only in 6.1
  # user may navigate to issue page using old global ids.
  #
  # To prevent 404 errors we provide a redirect to correct iids until 7.0 release
  #
  def redirect_old
    issue = @project.issues.find_by(id: params[:id])

    if issue
      redirect_to project_issue_path(@project, issue)
      return
    else
      raise ActiveRecord::RecordNotFound.new
    end
  end

  def issue_params
    params.require(:issue).permit(
      :title, :assignee_id, :position, :description,
      :milestone_id, :state_event, label_ids: []
    )
  end
end
Move projects controllers/views in Projects module 2013-06-23 16:47:22 +00:00			`class Projects::IssuesController < Projects::ApplicationController`
Issues, MR, Wall can be enabled/disabled per project 2012-02-06 17:40:32 +00:00			`before_filter :module_enabled`
Refactor issues, Remove ajax 2012-12-19 03:14:05 +00:00			`before_filter :issue, only: [:edit, :update, :show]`
Issues tags: refactoring 2012-06-27 20:13:44 +00:00
Abilities refactoring 2011-12-15 21:57:46 +00:00			`# Allow read any issue`
init commit 2011-10-08 21:36:38 +00:00			`before_filter :authorize_read_issue!`
Abilities refactoring 2011-12-15 21:57:46 +00:00
			`# Allow write(create) issue`
Fully embrace Ruby 1.9 hash syntax Didn't bother with files in db/, config/, or features/ 2012-08-10 22:07:50 +00:00			`before_filter :authorize_write_issue!, only: [:new, :create]`
Abilities refactoring 2011-12-15 21:57:46 +00:00
			`# Allow modify issue`
Fix Issues#bulk_update Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-02-10 13:36:58 +00:00			`before_filter :authorize_modify_issue!, only: [:edit, :update]`

			`# Allow issues bulk update`
			`before_filter :authorize_admin_issues!, only: [:bulk_update]`
Abilities refactoring 2011-12-15 21:57:46 +00:00
Drop rjs from Issues#index Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-11-29 13:05:32 +00:00			`respond_to :html`
init commit 2011-10-08 21:36:38 +00:00
			`def index`
refactor Issues.js. Remove unused actions. Respect filters while searching for issue 2013-04-07 10:19:36 +00:00			`terms = params['issue_search']`

Refactored IssuesController 2012-06-12 08:31:38 +00:00			`@issues = issues_filtered`
Search by issue/mr title and description Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-08-27 09:47:30 +00:00			`@issues = @issues.full_search(terms) if terms.present?`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00			`@issues = @issues.page(params[:page]).per(20)`
perfomance fix 2011-11-15 09:09:07 +00:00
bring more usability to issues filtering. Block issues area on loading filtered results 2013-05-08 10:43:21 +00:00			`assignee_id, milestone_id = params[:assignee_id], params[:milestone_id]`
Use project.team over project.users 2013-06-17 11:55:41 +00:00			`@assignee = @project.team.find(assignee_id) if assignee_id.present? && !assignee_id.to_i.zero?`
bring more usability to issues filtering. Block issues area on loading filtered results 2013-05-08 10:43:21 +00:00			`@milestone = @project.milestones.find(milestone_id) if milestone_id.present? && !milestone_id.to_i.zero?`
Added sorting to project issues page 2013-11-20 22:59:50 +00:00			`sort_param = params[:sort] \|\| 'newest'`
			`@sort = sort_param.humanize unless sort_param.empty?`
Show only people who have assigned issues in assignee dropdown Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-02-13 11:57:11 +00:00			`@assignees = User.where(id: @project.issues.pluck(:assignee_id))`
bring more usability to issues filtering. Block issues area on loading filtered results 2013-05-08 10:43:21 +00:00
init commit 2011-10-08 21:36:38 +00:00			`respond_to do \|format\|`
Drop rjs from Issues#index Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-11-29 13:05:32 +00:00			`format.html`
Fully embrace Ruby 1.9 hash syntax Didn't bother with files in db/, config/, or features/ 2012-08-10 22:07:50 +00:00			`format.atom { render layout: false }`
Drop rjs from Issues#index Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-11-29 13:05:32 +00:00			`format.json do`
			`render json: {`
			`html: view_to_html_string("projects/issues/_issues")`
			`}`
			`end`
init commit 2011-10-08 21:36:38 +00:00			`end`
			`end`

			`def new`
Create required issue param for new action. 2014-07-01 12:03:49 +00:00			`params[:issue] \|\|= ActionController::Parameters.new(`
			`assignee_id: ""`
			`)`

Remove protected_atrributes gem and start moving to strong params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 11:30:07 +00:00			`@issue = @project.issues.new(issue_params)`
init commit 2011-10-08 21:36:38 +00:00			`respond_with(@issue)`
			`end`

			`def edit`
			`respond_with(@issue)`
			`end`

			`def show`
Fully embrace Ruby 1.9 hash syntax Didn't bother with files in db/, config/, or features/ 2012-08-10 22:07:50 +00:00			`@note = @project.notes.new(noteable: @issue)`
Make note anchors actually work Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-12-25 11:32:43 +00:00			`@notes = @issue.notes.inc_author.fresh`
Update commentable controllers with new note vars Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-12-25 20:32:48 +00:00			`@noteable = @issue`
refactored too 2011-11-04 15:46:51 +00:00
Drop rjs from Issues#index Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-11-29 13:05:32 +00:00			`respond_with(@issue)`
init commit 2011-10-08 21:36:38 +00:00			`end`

			`def create`
Remove protected_atrributes gem and start moving to strong params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 11:30:07 +00:00			`@issue = Issues::CreateService.new(project, current_user, issue_params).execute`
init commit 2011-10-08 21:36:38 +00:00
Send author to post hook. Display push activity to dashboard 2012-02-29 20:38:24 +00:00			`respond_to do \|format\|`
Removed class 'small' for some buttons. Fixed issue creation 2012-08-30 17:00:16 +00:00			`format.html do`
Context refactoring. Move Issues list, Search logic to context 2012-10-09 19:09:46 +00:00			`if @issue.valid?`
Removed class 'small' for some buttons. Fixed issue creation 2012-08-30 17:00:16 +00:00			`redirect_to project_issue_path(@project, @issue)`
			`else`
			`render :new`
			`end`
			`end`
Implements drag and drop upload in creating issues 2014-05-23 08:22:00 +00:00			`format.js do \|format\|`
			`@link = @issue.attachment.url.to_js`
			`end`
Send author to post hook. Display push activity to dashboard 2012-02-29 20:38:24 +00:00			`end`
init commit 2011-10-08 21:36:38 +00:00			`end`

			`def update`
Remove protected_atrributes gem and start moving to strong params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 11:30:07 +00:00			`@issue = Issues::UpdateService.new(project, current_user, issue_params).execute(issue)`
init commit 2011-10-08 21:36:38 +00:00
			`respond_to do \|format\|`
			`format.js`
Context refactoring. Move Issues list, Search logic to context 2012-10-09 19:09:46 +00:00			`format.html do`
Preparing 591 for merge. Restyled issues & merge requests. Fixed issue edit. 2012-03-25 16:05:24 +00:00			`if @issue.valid?`
			`redirect_to [@project, @issue]`
			`else`
			`render :edit`
			`end`
			`end`
Add reopened tab to milestone issues. Add ids and data to milestone issues to enable dragging Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-04 15:52:35 +00:00			`format.json do`
			`render json: {`
			`saved: @issue.valid?,`
Show/hide issue assignee avatar depends on drag-n-drop column in milestone view Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-16 09:17:34 +00:00			`assignee_avatar_url: @issue.assignee.try(:avatar_url)`
Add reopened tab to milestone issues. Add ids and data to milestone issues to enable dragging Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-04 15:52:35 +00:00			`}`
			`end`
init commit 2011-10-08 21:36:38 +00:00			`end`
			`end`

Feature: Bulk Issues update 2012-07-28 00:35:24 +00:00			`def bulk_update`
Move all Context classes into Services Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-01-16 17:03:42 +00:00			`result = Issues::BulkUpdateService.new(project, current_user, params).execute`
Fully embrace Ruby 1.9 hash syntax Didn't bother with files in db/, config/, or features/ 2012-08-10 22:07:50 +00:00			`redirect_to :back, notice: "#{result[:count]} issues updated"`
Feature: Bulk Issues update 2012-07-28 00:35:24 +00:00			`end`

clean-up code * Remove trailing whitespace * Converts hard-tabs into two-space soft-tabs * Remove consecutive blank lines 2011-10-26 13:46:25 +00:00			`protected`
security improved 2011-10-17 10:39:03 +00:00
			`def issue`
Add redirect from Issue#id to Issue#iid 2013-08-26 11:15:21 +00:00			`@issue \|\|= begin`
Remove deprecated finders 2014-01-19 18:55:59 +00:00			`@project.issues.find_by!(iid: params[:id])`
Add redirect from Issue#id to Issue#iid 2013-08-26 11:15:21 +00:00			`rescue ActiveRecord::RecordNotFound`
			`redirect_old`
			`end`
security improved 2011-10-17 10:39:03 +00:00			`end`
Abilities refactoring 2011-12-15 21:57:46 +00:00
			`def authorize_modify_issue!`
Abilities extended. Resources security improved 2012-02-21 22:31:18 +00:00			`return render_404 unless can?(current_user, :modify_issue, @issue)`
Abilities refactoring 2011-12-15 21:57:46 +00:00			`end`

Fix Issues#bulk_update Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-02-10 13:36:58 +00:00			`def authorize_admin_issues!`
			`return render_404 unless can?(current_user, :admin_issue, @project)`
Abilities refactoring 2011-12-15 21:57:46 +00:00			`end`
Issues, MR, Wall can be enabled/disabled per project 2012-02-06 17:40:32 +00:00
			`def module_enabled`
			`return render_404 unless @project.issues_enabled`
			`end`
Refactored IssuesController 2012-06-12 08:31:38 +00:00
			`def issues_filtered`
Use FilteringService for project issuus, mrs Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-01-15 14:32:44 +00:00			`params[:scope] = 'all' if params[:scope].blank?`
			`params[:state] = 'opened' if params[:state].blank?`
Move services for collecting items to Finders Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-02-25 17:15:08 +00:00			`@issues = IssuesFinder.new.execute(current_user, params.merge(project_id: @project.id))`
Issues tags: refactoring 2012-06-27 20:13:44 +00:00			`end`
Add redirect from Issue#id to Issue#iid 2013-08-26 11:15:21 +00:00
			`# Since iids are implemented only in 6.1`
			`# user may navigate to issue page using old global ids.`
			`#`
			`# To prevent 404 errors we provide a redirect to correct iids until 7.0 release`
			`#`
			`def redirect_old`
Remove deprecated finders 2014-01-19 18:55:59 +00:00			`issue = @project.issues.find_by(id: params[:id])`
Add redirect from Issue#id to Issue#iid 2013-08-26 11:15:21 +00:00
			`if issue`
			`redirect_to project_issue_path(@project, issue)`
			`return`
			`else`
			`raise ActiveRecord::RecordNotFound.new`
			`end`
			`end`
Remove protected_atrributes gem and start moving to strong params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 11:30:07 +00:00
			`def issue_params`
			`params.require(:issue).permit(`
			`:title, :assignee_id, :position, :description,`
Allow set labels from Issue/MR forms Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-07-29 18:23:54 +00:00			`:milestone_id, :state_event, label_ids: []`
Remove protected_atrributes gem and start moving to strong params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 11:30:07 +00:00			`)`
			`end`
init commit 2011-10-08 21:36:38 +00:00			`end`