9bfc531ec6
Safari 9.0 does not yet honor the HTML5 `origin-when-cross-origin` mode, and it's possible load balancers/proxies strip the HTTP_REFERER from the request header. In these cases, default to some default path. Closes #3122 Closes https://github.com/gitlabhq/gitlabhq/issues/9731
135 lines
3.1 KiB
Ruby
135 lines
3.1 KiB
Ruby
class Projects::NotesController < Projects::ApplicationController
|
|
# Authorize
|
|
before_action :authorize_read_note!
|
|
before_action :authorize_create_note!, only: [:create]
|
|
before_action :authorize_admin_note!, only: [:update, :destroy]
|
|
before_action :find_current_user_notes, except: [:destroy, :delete_attachment]
|
|
|
|
def index
|
|
current_fetched_at = Time.now.to_i
|
|
|
|
notes_json = { notes: [], last_fetched_at: current_fetched_at }
|
|
|
|
@notes.each do |note|
|
|
notes_json[:notes] << {
|
|
id: note.id,
|
|
html: note_to_html(note)
|
|
}
|
|
end
|
|
|
|
render json: notes_json
|
|
end
|
|
|
|
def create
|
|
@note = Notes::CreateService.new(project, current_user, note_params).execute
|
|
|
|
respond_to do |format|
|
|
format.json { render_note_json(@note) }
|
|
format.html { redirect_back_or_default }
|
|
end
|
|
end
|
|
|
|
def update
|
|
@note = Notes::UpdateService.new(project, current_user, note_params).execute(note)
|
|
|
|
respond_to do |format|
|
|
format.json { render_note_json(@note) }
|
|
format.html { redirect_back_or_default }
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
if note.editable?
|
|
note.destroy
|
|
note.reset_events_cache
|
|
end
|
|
|
|
respond_to do |format|
|
|
format.js { render nothing: true }
|
|
end
|
|
end
|
|
|
|
def delete_attachment
|
|
note.remove_attachment!
|
|
note.update_attribute(:attachment, nil)
|
|
|
|
respond_to do |format|
|
|
format.js { render nothing: true }
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def note
|
|
@note ||= @project.notes.find(params[:id])
|
|
end
|
|
|
|
def note_to_html(note)
|
|
render_to_string(
|
|
"projects/notes/_note",
|
|
layout: false,
|
|
formats: [:html],
|
|
locals: { note: note }
|
|
)
|
|
end
|
|
|
|
def note_to_discussion_html(note)
|
|
if params[:view] == 'parallel'
|
|
template = "projects/notes/_diff_notes_with_reply_parallel"
|
|
locals =
|
|
if params[:line_type] == 'old'
|
|
{ notes_left: [note], notes_right: [] }
|
|
else
|
|
{ notes_left: [], notes_right: [note] }
|
|
end
|
|
else
|
|
template = "projects/notes/_diff_notes_with_reply"
|
|
locals = { notes: [note] }
|
|
end
|
|
|
|
render_to_string(
|
|
template,
|
|
layout: false,
|
|
formats: [:html],
|
|
locals: locals
|
|
)
|
|
end
|
|
|
|
def note_to_discussion_with_diff_html(note)
|
|
return unless note.for_diff_line?
|
|
|
|
render_to_string(
|
|
"projects/notes/_discussion",
|
|
layout: false,
|
|
formats: [:html],
|
|
locals: { discussion_notes: [note] }
|
|
)
|
|
end
|
|
|
|
def render_note_json(note)
|
|
render json: {
|
|
id: note.id,
|
|
discussion_id: note.discussion_id,
|
|
html: note_to_html(note),
|
|
discussion_html: note_to_discussion_html(note),
|
|
discussion_with_diff_html: note_to_discussion_with_diff_html(note)
|
|
}
|
|
end
|
|
|
|
def authorize_admin_note!
|
|
return access_denied! unless can?(current_user, :admin_note, note)
|
|
end
|
|
|
|
def note_params
|
|
params.require(:note).permit(
|
|
:note, :noteable, :noteable_id, :noteable_type, :project_id,
|
|
:attachment, :line_code, :commit_id
|
|
)
|
|
end
|
|
|
|
private
|
|
|
|
def find_current_user_notes
|
|
@notes = NotesFinder.new.execute(project, current_user, params)
|
|
end
|
|
end
|