kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

API: Introduce `#find_group!` which also check access permission 

Signed-off-by: Rémy Coutable <remy@rymai.me>
This commit is contained in:
Rémy Coutable 2016-11-24 16:58:32 +01:00
parent 4f5ed81232
commit 81ba3f9177
No known key found for this signature in database
GPG Key ID: 46DF07E5CD9E96AB
4 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/api/groups.rb
View File

@ -82,7 +82,7 @@ module API
:lfs_enabled, :request_access_enabled :lfs_enabled, :request_access_enabled
end end
put ':id' do put ':id' do
group = find_group(params[:id]) group = find_group!(params[:id])
authorize! :admin_group, group authorize! :admin_group, group
if ::Groups::UpdateService.new(group, current_user, declared_params(include_missing: false)).execute if ::Groups::UpdateService.new(group, current_user, declared_params(include_missing: false)).execute
@ -96,13 +96,13 @@ module API
success Entities::GroupDetail success Entities::GroupDetail
end end
get ":id" do get ":id" do
group = find_group(params[:id]) group = find_group!(params[:id])
present group, with: Entities::GroupDetail present group, with: Entities::GroupDetail
end end
desc 'Remove a group.' desc 'Remove a group.'
delete ":id" do delete ":id" do
group = find_group(params[:id]) group = find_group!(params[:id])
authorize! :admin_group, group authorize! :admin_group, group
DestroyGroupService.new(group, current_user).execute DestroyGroupService.new(group, current_user).execute
end end
@ -111,7 +111,7 @@ module API
success Entities::Project success Entities::Project
end end
get ":id/projects" do get ":id/projects" do
group = find_group(params[:id]) group = find_group!(params[:id])
projects = GroupProjectsFinder.new(group).execute(current_user) projects = GroupProjectsFinder.new(group).execute(current_user)
projects = paginate projects projects = paginate projects
present projects, with: Entities::Project, user: current_user present projects, with: Entities::Project, user: current_user

10
lib/api/helpers.rb
View File

@ -105,7 +105,15 @@ module API
end end
def find_group(id) def find_group(id)
group = Group.find_by(path: id) || Group.find_by(id: id) if id =~ /^\d+$/
Group.find_by(id: id)
else
Group.find_by(path: id)
end
end
def find_group!(id)
group = find_group(id)
if can?(current_user, :read_group, group) if can?(current_user, :read_group, group)
group group

2
lib/api/helpers/members_helpers.rb
View File

@ -2,7 +2,7 @@ module API
module Helpers module Helpers
module MembersHelpers module MembersHelpers
def find_source(source_type, id) def find_source(source_type, id)
public_send("find_#{source_type}", id) public_send("find_#{source_type}!", id)
end end
def authorize_admin_source!(source_type, source) def authorize_admin_source!(source_type, source)

2
lib/api/issues.rb
View File

@ -68,7 +68,7 @@ module API
# GET /groups/:id/issues?milestone=1.0.0 # GET /groups/:id/issues?milestone=1.0.0
# GET /groups/:id/issues?milestone=1.0.0&state=closed # GET /groups/:id/issues?milestone=1.0.0&state=closed
get ":id/issues" do get ":id/issues" do
group = find_group(params[:id]) group = find_group!(params[:id])
params[:state] ||= 'opened' params[:state] ||= 'opened'
params[:group_id] = group.id params[:group_id] = group.id