gitlab-org--gitlab-foss/app/controllers/projects/notes_controller.rb

class Projects::NotesController < Projects::ApplicationController
  include RendersNotes
  include NotesActions
  include NotesHelper
  include ToggleAwardEmoji

  before_action :whitelist_query_limiting, only: [:create]
  before_action :authorize_read_note!
  before_action :authorize_create_note!, only: [:create]
  before_action :authorize_resolve_note!, only: [:resolve, :unresolve]

  def delete_attachment
    note.remove_attachment!
    note.update_attribute(:attachment, nil)

    respond_to do |format|
      format.js { head :ok }
    end
  end

  def resolve
    return render_404 unless note.resolvable?

    Notes::ResolveService.new(project, current_user).execute(note)

    discussion = note.discussion

    if serialize_notes?
      render_json_with_notes_serializer
    else
      render json: {
        resolved_by: note.resolved_by.try(:name),
        discussion_headline_html: (view_to_html_string('discussions/_headline', discussion: discussion) if discussion)
      }
    end
  end

  def unresolve
    return render_404 unless note.resolvable?

    note.unresolve!

    discussion = note.discussion

    if serialize_notes?
      render_json_with_notes_serializer
    else
      render json: {
        discussion_headline_html: (view_to_html_string('discussions/_headline', discussion: discussion) if discussion)
      }
    end
  end

  private

  def render_json_with_notes_serializer
    prepare_notes_for_rendering([note])

    render json: note_serializer.represent(note)
  end

  def note
    @note ||= @project.notes.find(params[:id])
  end

  alias_method :awardable, :note

  def finder_params
    params.merge(last_fetched_at: last_fetched_at)
  end

  def authorize_admin_note!
    return access_denied! unless can?(current_user, :admin_note, note)
  end

  def authorize_resolve_note!
    return access_denied! unless can?(current_user, :resolve_note, note)
  end

  def authorize_create_note!
    return unless noteable.lockable?

    access_denied! unless can?(current_user, :create_note, noteable)
  end

  def whitelist_query_limiting
    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42383')
  end
end
Move projects controllers/views in Projects module 2013-06-23 12:47:22 -04:00			`class Projects::NotesController < Projects::ApplicationController`
Show the status of a user in interactions The status is shown for - The author of a commit when viewing a commit - Notes on a commit (regular/diff) - The user that triggered a pipeline when viewing a pipeline - The author of a merge request when viewing a merge request - The author of notes on a merge request (regular/diff) - The author of an issue when viewing an issue - The author of notes on an issue - The author of a snippet when viewing a snippet - The author of notes on a snippet - A user's profile page - The list of members of a group/user 2018-07-16 12:18:52 -04:00			`include RendersNotes`
Display comments for personal snippets 2017-04-27 06:41:26 -04:00			`include NotesActions`
Render MR Notes with Vue with behind a cookie 2018-02-27 19:10:43 -05:00			`include NotesHelper`
Backend awardables on comments 2016-05-25 15:07:36 -04:00			`include ToggleAwardEmoji`

Track and act upon the number of executed queries This ensures that we have more visibility in the number of SQL queries that are executed in web requests. The current threshold is hardcoded to 100 as we will rarely (maybe once or twice) change it. In production and development we use Sentry if enabled, in the test environment we raise an error. This feature is also only enabled in production/staging when running on GitLab.com as it's not very useful to other users. 2018-01-15 10:21:04 -05:00			`before_action :whitelist_query_limiting, only: [:create]`
Fixed the Rails/ActionFilter cop Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-04-16 08:03:37 -04:00			`before_action :authorize_read_note!`
Update controller filters Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-06-26 10:44:21 -04:00			`before_action :authorize_create_note!, only: [:create]`
Add specs for NotesController and DiscussionsController 2016-08-12 17:24:09 -04:00			`before_action :authorize_resolve_note!, only: [:resolve, :unresolve]`
init commit 2011-10-08 17:36:38 -04:00
Added update and delete_attachment actions to note controller 2013-06-25 18:46:07 -04:00			`def delete_attachment`
Switch Notes controller to use json Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-12-25 15:32:23 -05:00			`note.remove_attachment!`
			`note.update_attribute(:attachment, nil)`
Added update and delete_attachment actions to note controller 2013-06-25 18:46:07 -04:00
			`respond_to do \|format\|`
Change deprecated usage of rendering without response body `render nothing: true` has been deprecated. For more information see [pr](https://github.com/rails/rails/pull/20336) 2016-03-15 21:16:25 -04:00			`format.js { head :ok }`
Added update and delete_attachment actions to note controller 2013-06-25 18:46:07 -04:00			`end`
			`end`

Posts to rails to update note eventually 2016-07-04 10:00:39 -04:00			`def resolve`
Add endpoints to resolve diff notes and discussions 2016-07-26 00:43:47 -04:00			`return render_404 unless note.resolvable?`

Merge request and commit discussions API 2018-05-01 08:39:44 -04:00			`Notes::ResolveService.new(project, current_user).execute(note)`
Actually don't send resolved notifications when deleting a note 2016-08-03 20:16:37 -04:00
Backend tweaks 2016-07-28 22:09:36 -04:00			`discussion = note.discussion`
Updates the text above discussions when resolving notes & discussions 2016-07-27 13:34:04 -04:00
Render MR Notes with Vue with behind a cookie 2018-02-27 19:10:43 -05:00			`if serialize_notes?`
			`render_json_with_notes_serializer`
			`else`
			`render json: {`
			`resolved_by: note.resolved_by.try(:name),`
			`discussion_headline_html: (view_to_html_string('discussions/_headline', discussion: discussion) if discussion)`
			`}`
			`end`
Posts to rails to update note eventually 2016-07-04 10:00:39 -04:00			`end`

Add endpoints to resolve diff notes and discussions 2016-07-26 00:43:47 -04:00			`def unresolve`
			`return render_404 unless note.resolvable?`

			`note.unresolve!`

Backend tweaks 2016-07-28 22:09:36 -04:00			`discussion = note.discussion`
Updates the text above discussions when resolving notes & discussions 2016-07-27 13:34:04 -04:00
Render MR Notes with Vue with behind a cookie 2018-02-27 19:10:43 -05:00			`if serialize_notes?`
			`render_json_with_notes_serializer`
			`else`
			`render json: {`
			`discussion_headline_html: (view_to_html_string('discussions/_headline', discussion: discussion) if discussion)`
			`}`
			`end`
Resolve all endpoint 2016-07-05 12:27:07 -04:00			`end`

Switch Notes controller to use json Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-12-25 15:32:23 -05:00			`private`

Render MR Notes with Vue with behind a cookie 2018-02-27 19:10:43 -05:00			`def render_json_with_notes_serializer`
Show the status of a user in interactions The status is shown for - The author of a commit when viewing a commit - Notes on a commit (regular/diff) - The user that triggered a pipeline when viewing a pipeline - The author of a merge request when viewing a merge request - The author of notes on a merge request (regular/diff) - The author of an issue when viewing an issue - The author of notes on an issue - The author of a snippet when viewing a snippet - The author of notes on a snippet - A user's profile page - The list of members of a group/user 2018-07-16 12:18:52 -04:00			`prepare_notes_for_rendering([note])`
Render MR Notes with Vue with behind a cookie 2018-02-27 19:10:43 -05:00
			`render json: note_serializer.represent(note)`
			`end`

Switch Notes controller to use json Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-12-25 15:32:23 -05:00			`def note`
			`@note \|\|= @project.notes.find(params[:id])`
			`end`
Render MR Notes with Vue with behind a cookie 2018-02-27 19:10:43 -05:00
Backend awardables on comments 2016-05-25 15:07:36 -04:00			`alias_method :awardable, :note`
Switch Notes controller to use json Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-12-25 15:32:23 -05:00
Display comments for personal snippets 2017-04-27 06:41:26 -04:00			`def finder_params`
			`params.merge(last_fetched_at: last_fetched_at)`
Switch Notes controller to use json Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-12-25 15:32:23 -05:00			`end`
Note strong_params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 09:49:22 -04:00
Support discussion locking in the backend 2017-08-30 10:57:50 -04:00			`def authorize_admin_note!`
			`return access_denied! unless can?(current_user, :admin_note, note)`
			`end`

Add endpoints to resolve diff notes and discussions 2016-07-26 00:43:47 -04:00			`def authorize_resolve_note!`
			`return access_denied! unless can?(current_user, :resolve_note, note)`
			`end`
Support discussion locking in the backend 2017-08-30 10:57:50 -04:00
			`def authorize_create_note!`
Create system notes for MR too, improve doc + clean up code 2017-09-01 08:03:57 -04:00			`return unless noteable.lockable?`
Adds Rubocop rule for line break after guard clause Adds a rubocop rule (with autocorrect) to ensure line break after guard clauses. 2017-11-14 04:02:39 -05:00
Support discussion locking in the backend 2017-08-30 10:57:50 -04:00			`access_denied! unless can?(current_user, :create_note, noteable)`
			`end`
Track and act upon the number of executed queries This ensures that we have more visibility in the number of SQL queries that are executed in web requests. The current threshold is hardcoded to 100 as we will rarely (maybe once or twice) change it. In production and development we use Sentry if enabled, in the test environment we raise an error. This feature is also only enabled in production/staging when running on GitLab.com as it's not very useful to other users. 2018-01-15 10:21:04 -05:00
			`def whitelist_query_limiting`
			`Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42383')`
			`end`
init commit 2011-10-08 17:36:38 -04:00			`end`