API: Introduce #find_project!
which also check access permission
Signed-off-by: Rémy Coutable <remy@rymai.me>
This commit is contained in:
parent
304163becb
commit
4f5ed81232
2 changed files with 11 additions and 8 deletions
|
@ -68,7 +68,7 @@ module API
|
|||
end
|
||||
|
||||
def user_project
|
||||
@project ||= find_project(params[:id])
|
||||
@project ||= find_project!(params[:id])
|
||||
end
|
||||
|
||||
def available_labels
|
||||
|
@ -76,12 +76,15 @@ module API
|
|||
end
|
||||
|
||||
def find_project(id)
|
||||
project =
|
||||
if id =~ /^\d+$/
|
||||
Project.find_by(id: id)
|
||||
else
|
||||
Project.find_with_namespace(id)
|
||||
end
|
||||
end
|
||||
|
||||
def find_project!(id)
|
||||
project = find_project(id)
|
||||
|
||||
if can?(current_user, :read_project, project)
|
||||
project
|
||||
|
|
|
@ -379,7 +379,7 @@ module API
|
|||
# POST /projects/:id/fork/:forked_from_id
|
||||
post ":id/fork/:forked_from_id" do
|
||||
authenticated_as_admin!
|
||||
forked_from_project = find_project(params[:forked_from_id])
|
||||
forked_from_project = find_project!(params[:forked_from_id])
|
||||
unless forked_from_project.nil?
|
||||
if user_project.forked_from_project.nil?
|
||||
user_project.create_forked_project_link(forked_to_project_id: user_project.id, forked_from_project_id: forked_from_project.id)
|
||||
|
|
Loading…
Reference in a new issue