gitlab-org--gitlab-foss/app/controllers/concerns/routable_actions.rb
Thong Kuah 28dabc67f4 Restore 403 functionality for external auth (EE)
When we unhooked ClustersController from
Project::ApplicationsController, we missed an EE override to
handle_not_found_or_authorized.

Rather than continuing to override RoutingActions, make a specific proc
for Project that we override in EE instead. Use that proc in both
Clusters::BaseController and Project::ApplicationsController.
2018-11-01 19:37:32 +13:00


# frozen_string_literal: true
# Controller concern for looking up a "routable" record by its full path,
# authorizing the current user against it, and redirecting GET requests to the
# record's canonical path.
#
# The methods here call `request`, `can?`, `current_user`, `performed?`,
# `route_not_found`, `flash`, `redirect_to` and `build_canonical_path`, none of
# which are defined in this module; they are expected to come from the
# including controller.
module RoutableActions
  extend ActiveSupport::Concern

  # Looks up a routable by full path and returns it only when the current user
  # is authorized to read it.
  #
  # A missing record and an unauthorized record take the same failure path, so
  # by default the response does not reveal which of the two happened.
  #
  # routable_klass               - class responding to `find_by_full_path`.
  # requested_full_path          - the path to look up.
  # extra_authorization_proc     - optional callable, invoked with the routable
  #                                after the `read_*` ability check passed; its
  #                                result decides authorization.
  # not_found_or_authorized_proc - optional callable, invoked on the failure
  #                                path. It receives nil when no record was
  #                                found, so it must tolerate nil.
  #
  # Returns the routable, or nil when it is missing or not authorized.
  def find_routable!(routable_klass, requested_full_path, extra_authorization_proc: nil, not_found_or_authorized_proc: nil)
    found = routable_klass.find_by_full_path(requested_full_path, follow_redirects: request.get?)

    unless routable_authorized?(found, extra_authorization_proc)
      not_found_or_authorized_proc.call(found) if not_found_or_authorized_proc

      # The caller's proc may already have produced a response; only fall back
      # to the generic not-found handling when nothing has been rendered yet.
      route_not_found unless performed?
      return nil
    end

    # Reached only after authorization succeeded, so the canonical path is
    # never disclosed through the redirect or the flash notice to a user who
    # failed the checks above.
    ensure_canonical_path(found, requested_full_path)
    found
  end

  # Decides whether the current user may see the routable.
  #
  # Returns false for a nil routable or when the `read_<underscored class>`
  # ability is denied. Otherwise returns the result of
  # extra_authorization_proc when one is given, else true. The extra proc can
  # only narrow access: it is never consulted once the ability check failed.
  def routable_authorized?(routable, extra_authorization_proc)
    return false unless routable

    read_ability = "read_#{routable.class.to_s.underscore}".to_sym
    return false unless can?(current_user, read_ability, routable)
    return true unless extra_authorization_proc

    extra_authorization_proc.call(routable)
  end

  # On GET requests, redirects to the routable's canonical path when the
  # requested path differs from it. Non-GET requests are left untouched.
  #
  # A flash notice is added only when the two paths differ by more than letter
  # case. The notice embeds requested_full_path.
  # NOTE(review): requested_full_path presumably originates from the request
  # URL - confirm that wherever the flash is rendered it is escaped.
  def ensure_canonical_path(routable, requested_full_path)
    return unless request.get?

    canonical_path = routable.full_path
    return if canonical_path == requested_full_path

    moved = canonical_path.casecmp(requested_full_path) != 0
    flash[:notice] = "#{routable.class.to_s.titleize} '#{requested_full_path}' was moved to '#{canonical_path}'. Please update any links and bookmarks that may still have the old path." if moved

    redirect_to build_canonical_path(routable)
  end
end