gitlab-org--gitlab-foss/app/controllers/concerns/issuable_actions.rb

# frozen_string_literal: true

module IssuableActions
  extend ActiveSupport::Concern
  include Gitlab::Utils::StrongMemoize

  included do
    before_action :authorize_destroy_issuable!, only: :destroy
    before_action :authorize_admin_issuable!, only: :bulk_update
    before_action only: :show do
      push_frontend_feature_flag(:reply_to_individual_notes)
    end
  end

  def permitted_keys
    [
      :issuable_ids,
      :assignee_id,
      :milestone_id,
      :state_event,
      :subscription_event,
      label_ids: [],
      add_label_ids: [],
      remove_label_ids: []
    ]
  end

  def show
    respond_to do |format|
      format.html do
        @issuable_sidebar = serializer.represent(issuable, serializer: 'sidebar') # rubocop:disable Gitlab/ModuleWithInstanceVariables
      end

      format.json do
        render json: serializer.represent(issuable, serializer: params[:serializer])
      end
    end
  end

  def update
    @issuable = update_service.execute(issuable) # rubocop:disable Gitlab/ModuleWithInstanceVariables
    respond_to do |format|
      format.html do
        recaptcha_check_if_spammable { render :edit }
      end

      format.json do
        recaptcha_check_if_spammable(false) { render_entity_json }
      end
    end

  rescue ActiveRecord::StaleObjectError
    render_conflict_response
  end

  def realtime_changes
    Gitlab::PollingInterval.set_header(response, interval: 3_000)

    response = {
      title: view_context.markdown_field(issuable, :title),
      title_text: issuable.title,
      description: view_context.markdown_field(issuable, :description),
      description_text: issuable.description,
      task_status: issuable.task_status,
      lock_version: issuable.lock_version
    }

    if issuable.edited?
      response[:updated_at] = issuable.last_edited_at.to_time.iso8601
      response[:updated_by_name] = issuable.last_edited_by.name
      response[:updated_by_path] = user_path(issuable.last_edited_by)
    end

    render json: response
  end

  def destroy
    Issuable::DestroyService.new(issuable.project, current_user).execute(issuable)

    name = issuable.human_class_name
    flash[:notice] = "The #{name} was successfully deleted."
    index_path = polymorphic_path([parent, issuable.class])

    respond_to do |format|
      format.html { redirect_to index_path }
      format.json do
        render json: {
          web_url: index_path
        }
      end
    end
  end

  def bulk_update
    result = Issuable::BulkUpdateService.new(project, current_user, bulk_update_params).execute(resource_name)
    quantity = result[:count]

    render json: { notice: "#{quantity} #{resource_name.pluralize(quantity)} updated" }
  end

  # rubocop: disable CodeReuse/ActiveRecord
  def discussions
    notes = issuable.discussion_notes
      .inc_relations_for_view
      .with_notes_filter(notes_filter)
      .includes(:noteable)
      .fresh

    if notes_filter != UserPreference::NOTES_FILTERS[:only_comments]
      notes = ResourceEvents::MergeIntoNotesService.new(issuable, current_user).execute(notes)
    end

    notes = prepare_notes_for_rendering(notes)
    notes = notes.reject { |n| n.cross_reference_not_visible_for?(current_user) }

    discussions = Discussion.build_collection(notes, issuable)

    render json: discussion_serializer.represent(discussions, context: self)
  end
  # rubocop: enable CodeReuse/ActiveRecord

  private

  def notes_filter
    strong_memoize(:notes_filter) do
      notes_filter_param = params[:notes_filter]&.to_i

      # GitLab Geo does not expect database UPDATE or INSERT statements to happen
      # on GET requests.
      # This is just a fail-safe in case notes_filter is sent via GET request in GitLab Geo.
      if Gitlab::Database.read_only?
        notes_filter_param || current_user&.notes_filter_for(issuable)
      else
        notes_filter = current_user&.set_notes_filter(notes_filter_param, issuable) || notes_filter_param

        # We need to invalidate the cache for polling notes otherwise it will
        # ignore the filter.
        # The ideal would be to invalidate the cache for each user.
        issuable.expire_note_etag_cache if notes_filter_updated?

        notes_filter
      end
    end
  end

  def notes_filter_updated?
    current_user&.user_preference&.previous_changes&.any?
  end

  def discussion_serializer
    DiscussionSerializer.new(project: project, noteable: issuable, current_user: current_user, note_entity: ProjectNoteEntity)
  end

  def recaptcha_check_if_spammable(should_redirect = true, &block)
    return yield unless issuable.is_a? Spammable

    recaptcha_check_with_fallback(should_redirect, &block)
  end

  def render_conflict_response
    respond_to do |format|
      format.html do
        @conflict = true # rubocop:disable Gitlab/ModuleWithInstanceVariables
        render :edit
      end

      format.json do
        render json: {
          errors: [
            "Someone edited this #{issuable.human_class_name} at the same time you did. Please refresh your browser and make sure your changes will not unintentionally remove theirs."
          ]
        }, status: :conflict
      end
    end
  end

  def authorize_destroy_issuable!
    unless can?(current_user, :"destroy_#{issuable.to_ability_name}", issuable)
      return access_denied!
    end
  end

  def authorize_admin_issuable!
    unless can?(current_user, :"admin_#{resource_name}", @project) # rubocop:disable Gitlab/ModuleWithInstanceVariables
      return access_denied!
    end
  end

  def authorize_update_issuable!
    render_404 unless can?(current_user, :"update_#{resource_name}", issuable)
  end

  def bulk_update_params
    permitted_keys_array = permitted_keys.dup

    if resource_name == 'issue'
      permitted_keys_array << { assignee_ids: [] }
    else
      permitted_keys_array.unshift(:assignee_id)
    end

    params.require(:update).permit(permitted_keys_array)
  end

  def resource_name
    @resource_name ||= controller_name.singularize
  end

  # rubocop:disable Gitlab/ModuleWithInstanceVariables
  def render_entity_json
    if @issuable.valid?
      render json: serializer.represent(@issuable)
    else
      render json: { errors: @issuable.errors.full_messages }, status: :unprocessable_entity
    end
  end
  # rubocop:enable Gitlab/ModuleWithInstanceVariables

  def serializer
    raise NotImplementedError
  end

  def update_service
    raise NotImplementedError
  end

  def parent
    @project || @group # rubocop:disable Gitlab/ModuleWithInstanceVariables
  end
end
Enable frozen string in app/controllers/*/.rb Enables frozen string for the following: * app/controllers/.rb app/controllers/admin/*/.rb * app/controllers/boards/*/.rb * app/controllers/ci/*/.rb * app/controllers/concerns/*/.rb Partially addresses #47424. 2018-09-14 01:42:05 -04:00			`# frozen_string_literal: true`

Minor improvements on IssuableActions 2016-03-21 09:12:52 -04:00			`module IssuableActions`
			`extend ActiveSupport::Concern`
Resolve "Filter discussion (tab) by comments or activity in issues and merge requests" 2018-10-23 05:49:45 -04:00			`include Gitlab::Utils::StrongMemoize`
Minor improvements on IssuableActions 2016-03-21 09:12:52 -04:00
			`included do`
			`before_action :authorize_destroy_issuable!, only: :destroy`
Add bulk update support for merge requests list Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-06 08:49:49 -04:00			`before_action :authorize_admin_issuable!, only: :bulk_update`
Add reply to notes to turn into discussions 2019-02-06 05:31:46 -05:00			`before_action only: :show do`
			`push_frontend_feature_flag(:reply_to_individual_notes)`
			`end`
Minor improvements on IssuableActions 2016-03-21 09:12:52 -04:00			`end`

Backport of 5942-extract-ee-specific-files 2018-05-31 10:37:00 -04:00			`def permitted_keys`
			`[`
			`:issuable_ids,`
			`:assignee_id,`
			`:milestone_id,`
			`:state_event,`
			`:subscription_event,`
			`label_ids: [],`
			`add_label_ids: [],`
			`remove_label_ids: []`
			`]`
			`end`

CE port of code changed for epics 2017-11-01 13:35:14 -04:00			`def show`
			`respond_to do \|format\|`
Refactor sidebar to use data from serializer 2018-11-27 11:53:16 -05:00			`format.html do`
			`@issuable_sidebar = serializer.represent(issuable, serializer: 'sidebar') # rubocop:disable Gitlab/ModuleWithInstanceVariables`
			`end`

CE port of code changed for epics 2017-11-01 13:35:14 -04:00			`format.json do`
			`render json: serializer.represent(issuable, serializer: params[:serializer])`
			`end`
			`end`
			`end`

			`def update`
Move ModuleWithInstanceVariables to Gitlab namespace And use .rubocop.yml to exclude paths we don't care, rather than using the cop itself to exclude. 2017-11-22 02:50:36 -05:00			`@issuable = update_service.execute(issuable) # rubocop:disable Gitlab/ModuleWithInstanceVariables`
CE port of code changed for epics 2017-11-01 13:35:14 -04:00			`respond_to do \|format\|`
			`format.html do`
Add recaptcha_check_if_spammable for issualbes than arent spammables 2017-12-08 13:19:51 -05:00			`recaptcha_check_if_spammable { render :edit }`
CE port of code changed for epics 2017-11-01 13:35:14 -04:00			`end`

			`format.json do`
Add recaptcha_check_if_spammable for issualbes than arent spammables 2017-12-08 13:19:51 -05:00			`recaptcha_check_if_spammable(false) { render_entity_json }`
CE port of code changed for epics 2017-11-01 13:35:14 -04:00			`end`
			`end`

			`rescue ActiveRecord::StaleObjectError`
			`render_conflict_response`
			`end`

			`def realtime_changes`
			`Gitlab::PollingInterval.set_header(response, interval: 3_000)`

			`response = {`
			`title: view_context.markdown_field(issuable, :title),`
			`title_text: issuable.title,`
			`description: view_context.markdown_field(issuable, :description),`
			`description_text: issuable.description,`
Add lock version to issuable helpers 2018-12-20 19:19:17 -05:00			`task_status: issuable.task_status,`
			`lock_version: issuable.lock_version`
CE port of code changed for epics 2017-11-01 13:35:14 -04:00			`}`

			`if issuable.edited?`
Return last edited time instead of update time For issuable models we keep two timestamps: updated_at which is updated whenever any model attribute is changed, last_edited_at which is changed when only title or description is changed. In UI bellow description we display who and when updated the item. But last_edited_by (used for 'who') is mistakenly combined with updated_at (when), last_edited_at should be used instead. Closes #41247 2018-01-11 11:22:00 -05:00			`response[:updated_at] = issuable.last_edited_at.to_time.iso8601`
CE port of code changed for epics 2017-11-01 13:35:14 -04:00			`response[:updated_by_name] = issuable.last_edited_by.name`
			`response[:updated_by_path] = user_path(issuable.last_edited_by)`
			`end`

			`render json: response`
			`end`

Minor improvements on IssuableActions 2016-03-21 09:12:52 -04:00			`def destroy`
Minor backport from EE 2017-11-29 05:27:36 -05:00			`Issuable::DestroyService.new(issuable.project, current_user).execute(issuable)`
Minor improvements on IssuableActions 2016-03-21 09:12:52 -04:00
Backport some changes done from Time Tracking feature in EE. 2016-11-18 21:19:04 -05:00			`name = issuable.human_class_name`
Minor improvements on IssuableActions 2016-03-21 09:12:52 -04:00			`flash[:notice] = "The #{name} was successfully deleted."`
Refactor issuable destroy action 2017-11-02 10:51:42 -04:00			`index_path = polymorphic_path([parent, issuable.class])`
Added inline issue edit form actions [ci skip] 2017-05-12 06:23:30 -04:00
			`respond_to do \|format\|`
			`format.html { redirect_to index_path }`
			`format.json do`
			`render json: {`
Warn before moving issue in inline edit form [ci skip] 2017-05-25 06:58:40 -04:00			`web_url: index_path`
Added inline issue edit form actions [ci skip] 2017-05-12 06:23:30 -04:00			`}`
			`end`
			`end`
Minor improvements on IssuableActions 2016-03-21 09:12:52 -04:00			`end`

Add bulk update support for merge requests list Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-06 08:49:49 -04:00			`def bulk_update`
			`result = Issuable::BulkUpdateService.new(project, current_user, bulk_update_params).execute(resource_name)`
			`quantity = result[:count]`

			`render json: { notice: "#{quantity} #{resource_name.pluralize(quantity)} updated" }`
			`end`

Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: disable CodeReuse/ActiveRecord`
Render MR Notes with Vue with behind a cookie 2018-02-27 19:10:43 -05:00			`def discussions`
Changes tab VUE refactoring 2018-06-21 08:22:40 -04:00			`notes = issuable.discussion_notes`
Render MR Notes with Vue with behind a cookie 2018-02-27 19:10:43 -05:00			`.inc_relations_for_view`
Resolve "Filter discussion (tab) by comments or activity in issues and merge requests" 2018-10-23 05:49:45 -04:00			`.with_notes_filter(notes_filter)`
Render MR Notes with Vue with behind a cookie 2018-02-27 19:10:43 -05:00			`.includes(:noteable)`
			`.fresh`

Resolve "Filter discussion (tab) by comments or activity in issues and merge requests" 2018-10-23 05:49:45 -04:00			`if notes_filter != UserPreference::NOTES_FILTERS[:only_comments]`
			`notes = ResourceEvents::MergeIntoNotesService.new(issuable, current_user).execute(notes)`
			`end`

Render MR Notes with Vue with behind a cookie 2018-02-27 19:10:43 -05:00			`notes = prepare_notes_for_rendering(notes)`
			`notes = notes.reject { \|n\| n.cross_reference_not_visible_for?(current_user) }`

			`discussions = Discussion.build_collection(notes, issuable)`

Refactor discussions/notes code 2018-04-03 12:03:00 -04:00			`render json: discussion_serializer.represent(discussions, context: self)`
Render MR Notes with Vue with behind a cookie 2018-02-27 19:10:43 -05:00			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: enable CodeReuse/ActiveRecord`
Render MR Notes with Vue with behind a cookie 2018-02-27 19:10:43 -05:00
Minor improvements on IssuableActions 2016-03-21 09:12:52 -04:00			`private`

Resolve "Filter discussion (tab) by comments or activity in issues and merge requests" 2018-10-23 05:49:45 -04:00			`def notes_filter`
			`strong_memoize(:notes_filter) do`
			`notes_filter_param = params[:notes_filter]&.to_i`

			`# GitLab Geo does not expect database UPDATE or INSERT statements to happen`
			`# on GET requests.`
			`# This is just a fail-safe in case notes_filter is sent via GET request in GitLab Geo.`
			`if Gitlab::Database.read_only?`
			`notes_filter_param \|\| current_user&.notes_filter_for(issuable)`
			`else`
			`notes_filter = current_user&.set_notes_filter(notes_filter_param, issuable) \|\| notes_filter_param`

			`# We need to invalidate the cache for polling notes otherwise it will`
			`# ignore the filter.`
			`# The ideal would be to invalidate the cache for each user.`
			`issuable.expire_note_etag_cache if notes_filter_updated?`

			`notes_filter`
			`end`
			`end`
			`end`

			`def notes_filter_updated?`
			`current_user&.user_preference&.previous_changes&.any?`
			`end`

Refactor discussions/notes code 2018-04-03 12:03:00 -04:00			`def discussion_serializer`
			`DiscussionSerializer.new(project: project, noteable: issuable, current_user: current_user, note_entity: ProjectNoteEntity)`
			`end`

Add recaptcha_check_if_spammable for issualbes than arent spammables 2017-12-08 13:19:51 -05:00			`def recaptcha_check_if_spammable(should_redirect = true, &block)`
Backport changes from EE 2017-12-15 06:37:57 -05:00			`return yield unless issuable.is_a? Spammable`
Add recaptcha_check_if_spammable for issualbes than arent spammables 2017-12-08 13:19:51 -05:00
			`recaptcha_check_with_fallback(should_redirect, &block)`
			`end`

Fix issuable stale object error handler for js when updating tasklists 2017-01-16 13:43:03 -05:00			`def render_conflict_response`
			`respond_to do \|format\|`
			`format.html do`
Move ModuleWithInstanceVariables to Gitlab namespace And use .rubocop.yml to exclude paths we don't care, rather than using the cop itself to exclude. 2017-11-22 02:50:36 -05:00			`@conflict = true # rubocop:disable Gitlab/ModuleWithInstanceVariables`
Fix issuable stale object error handler for js when updating tasklists 2017-01-16 13:43:03 -05:00			`render :edit`
			`end`

			`format.json do`
			`render json: {`
			`errors: [`
			`"Someone edited this #{issuable.human_class_name} at the same time you did. Please refresh your browser and make sure your changes will not unintentionally remove theirs."`
Specs for caching and issue controller changes 2019-01-23 16:58:46 -05:00			`]`
Updates from `rubocop -a` 2018-07-02 06:43:06 -04:00			`}, status: :conflict`
Fix issuable stale object error handler for js when updating tasklists 2017-01-16 13:43:03 -05:00			`end`
			`end`
			`end`

Minor improvements on IssuableActions 2016-03-21 09:12:52 -04:00			`def authorize_destroy_issuable!`
Refactor code for bulk update merge requests feature Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-08 08:33:53 -04:00			`unless can?(current_user, :"destroy_#{issuable.to_ability_name}", issuable)`
Minor improvements on IssuableActions 2016-03-21 09:12:52 -04:00			`return access_denied!`
			`end`
			`end`
Add bulk update support for merge requests list Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-06 08:49:49 -04:00
			`def authorize_admin_issuable!`
Move ModuleWithInstanceVariables to Gitlab namespace And use .rubocop.yml to exclude paths we don't care, rather than using the cop itself to exclude. 2017-11-22 02:50:36 -05:00			`unless can?(current_user, :"admin_#{resource_name}", @project) # rubocop:disable Gitlab/ModuleWithInstanceVariables`
Add bulk update support for merge requests list Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-06 08:49:49 -04:00			`return access_denied!`
			`end`
			`end`

CE port of code changed for epics 2017-11-01 13:35:14 -04:00			`def authorize_update_issuable!`
			`render_404 unless can?(current_user, :"update_#{resource_name}", issuable)`
			`end`

Add bulk update support for merge requests list Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-06 08:49:49 -04:00			`def bulk_update_params`
Backport of 5942-extract-ee-specific-files 2018-05-31 10:37:00 -04:00			`permitted_keys_array = permitted_keys.dup`
fix for Follow-up from "Backport of Multiple Assignees feature 2017-05-08 10:58:42 -04:00
			`if resource_name == 'issue'`
Backport of 5942-extract-ee-specific-files 2018-05-31 10:37:00 -04:00			`permitted_keys_array << { assignee_ids: [] }`
fix for Follow-up from "Backport of Multiple Assignees feature 2017-05-08 10:58:42 -04:00			`else`
Backport of 5942-extract-ee-specific-files 2018-05-31 10:37:00 -04:00			`permitted_keys_array.unshift(:assignee_id)`
fix for Follow-up from "Backport of Multiple Assignees feature 2017-05-08 10:58:42 -04:00			`end`

Backport of 5942-extract-ee-specific-files 2018-05-31 10:37:00 -04:00			`params.require(:update).permit(permitted_keys_array)`
Add bulk update support for merge requests list Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-06 08:49:49 -04:00			`end`

			`def resource_name`
			`@resource_name \|\|= controller_name.singularize`
			`end`
CE port of code changed for epics 2017-11-01 13:35:14 -04:00
Move ModuleWithInstanceVariables to Gitlab namespace And use .rubocop.yml to exclude paths we don't care, rather than using the cop itself to exclude. 2017-11-22 02:50:36 -05:00			`# rubocop:disable Gitlab/ModuleWithInstanceVariables`
CE port of code changed for epics 2017-11-01 13:35:14 -04:00			`def render_entity_json`
			`if @issuable.valid?`
			`render json: serializer.represent(@issuable)`
			`else`
			`render json: { errors: @issuable.errors.full_messages }, status: :unprocessable_entity`
			`end`
			`end`
Move ModuleWithInstanceVariables to Gitlab namespace And use .rubocop.yml to exclude paths we don't care, rather than using the cop itself to exclude. 2017-11-22 02:50:36 -05:00			`# rubocop:enable Gitlab/ModuleWithInstanceVariables`
CE port of code changed for epics 2017-11-01 13:35:14 -04:00
			`def serializer`
			`raise NotImplementedError`
			`end`

			`def update_service`
			`raise NotImplementedError`
			`end`
Refactor issuable destroy action 2017-11-02 10:51:42 -04:00
			`def parent`
Move ModuleWithInstanceVariables to Gitlab namespace And use .rubocop.yml to exclude paths we don't care, rather than using the cop itself to exclude. 2017-11-22 02:50:36 -05:00			`@project \|\| @group # rubocop:disable Gitlab/ModuleWithInstanceVariables`
Refactor issuable destroy action 2017-11-02 10:51:42 -04:00			`end`
Minor improvements on IssuableActions 2016-03-21 09:12:52 -04:00			`end`