gitlab-org--gitlab-foss/app/controllers/dashboard/todos_controller.rb
Sean McGivern b80653bb6a Merge branch 'open-redirect-host-fix' into 'security'
Fix for three open redirect vulns using redirect_to url_for(params.merge)))

See merge request !2082
2017-04-05 21:06:58 -07:00

63 lines
1.7 KiB
Ruby

class Dashboard::TodosController < Dashboard::ApplicationController
include ActionView::Helpers::NumberHelper
before_action :find_todos, only: [:index, :destroy_all]
def index
@sort = params[:sort]
@todos = @todos.page(params[:page])
if @todos.out_of_range? && @todos.total_pages != 0
redirect_to url_for(params.merge(page: @todos.total_pages, only_path: true))
end
end
def destroy
TodoService.new.mark_todos_as_done_by_ids([params[:id]], current_user)
respond_to do |format|
format.html { redirect_to dashboard_todos_path, notice: 'Todo was successfully marked as done.' }
format.js { head :ok }
format.json { render json: todos_counts }
end
end
def destroy_all
updated_ids = TodoService.new.mark_todos_as_done(@todos, current_user)
respond_to do |format|
format.html { redirect_to dashboard_todos_path, notice: 'All todos were marked as done.' }
format.js { head :ok }
format.json { render json: todos_counts.merge(updated_ids: updated_ids) }
end
end
def restore
TodoService.new.mark_todos_as_pending_by_ids([params[:id]], current_user)
render json: todos_counts
end
def bulk_restore
TodoService.new.mark_todos_as_pending_by_ids(params[:ids], current_user)
render json: todos_counts
end
# Used in TodosHelper also
def self.todos_count_format(count)
count >= 100 ? '99+' : count
end
private
def find_todos
@todos ||= TodosFinder.new(current_user, params).execute
end
def todos_counts
{
count: number_with_delimiter(current_user.todos_pending_count),
done_count: number_with_delimiter(current_user.todos_done_count)
}
end
end