dcdfa04b32
* adds basic discussions API for issues and snippets * reorganizes notes specs (so same tests can be used for all noteable types - issues, MRs, snippets)
76 lines
2.4 KiB
Ruby
76 lines
2.4 KiB
Ruby
module API
|
|
module Helpers
|
|
module NotesHelpers
|
|
def update_note(noteable, note_id)
|
|
note = noteable.notes.find(params[:note_id])
|
|
|
|
authorize! :admin_note, note
|
|
|
|
opts = {
|
|
note: params[:body]
|
|
}
|
|
parent = noteable_parent(noteable)
|
|
project = parent if parent.is_a?(Project)
|
|
|
|
note = ::Notes::UpdateService.new(project, current_user, opts).execute(note)
|
|
|
|
if note.valid?
|
|
present note, with: Entities::Note
|
|
else
|
|
bad_request!("Failed to save note #{note.errors.messages}")
|
|
end
|
|
end
|
|
|
|
def delete_note(noteable, note_id)
|
|
note = noteable.notes.find(note_id)
|
|
|
|
authorize! :admin_note, note
|
|
|
|
parent = noteable_parent(noteable)
|
|
project = parent if parent.is_a?(Project)
|
|
destroy_conditionally!(note) do |note|
|
|
::Notes::DestroyService.new(project, current_user).execute(note)
|
|
end
|
|
end
|
|
|
|
def get_note(noteable, note_id)
|
|
note = noteable.notes.with_metadata.find(params[:note_id])
|
|
can_read_note = can?(current_user, noteable_read_ability_name(noteable), noteable) && !note.cross_reference_not_visible_for?(current_user)
|
|
|
|
if can_read_note
|
|
present note, with: Entities::Note
|
|
else
|
|
not_found!("Note")
|
|
end
|
|
end
|
|
|
|
def noteable_read_ability_name(noteable)
|
|
"read_#{noteable.class.to_s.underscore}".to_sym
|
|
end
|
|
|
|
def find_noteable(parent, noteables_str, noteable_id)
|
|
public_send("find_#{parent}_#{noteables_str.singularize}", noteable_id) # rubocop:disable GitlabSecurity/PublicSend
|
|
end
|
|
|
|
def noteable_parent(noteable)
|
|
public_send("user_#{noteable.class.parent_class.to_s.underscore}") # rubocop:disable GitlabSecurity/PublicSend
|
|
end
|
|
|
|
def create_note(noteable, opts)
|
|
noteables_str = noteable.model_name.to_s.underscore.pluralize
|
|
|
|
return not_found!(noteables_str) unless can?(current_user, noteable_read_ability_name(noteable), noteable)
|
|
|
|
authorize! :create_note, noteable
|
|
|
|
parent = noteable_parent(noteable)
|
|
if opts[:created_at]
|
|
opts.delete(:created_at) unless current_user.admin? || parent.owner == current_user
|
|
end
|
|
|
|
project = parent if parent.is_a?(Project)
|
|
::Notes::CreateService.new(project, current_user, opts).execute
|
|
end
|
|
end
|
|
end
|
|
end
|