summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDouwe Maan <douwe@selenight.nl>2017-11-16 12:38:59 +0100
committerDouwe Maan <douwe@selenight.nl>2017-11-16 12:38:59 +0100
commit9be619c9d256fb8de9e14f550e2ec737e84a7127 (patch)
treef8062f3ad97f1df372ae5b5a35159a2a8ebafaf5
parenta4072db0198896242886d22c644ed91c1016aa8d (diff)
downloadgitlab-ce-dm-cleanup-notes-controllers.tar.gz
WIP: Clean up notes controllersdm-cleanup-notes-controllers
Diffstat
-rw-r--r--app/controllers/projects/notes_controller.rb2
-rw-r--r--app/controllers/snippets/notes_controller.rb2
-rw-r--r--app/finders/notes_finder.rb1
-rw-r--r--app/finders/snippets_finder.rb1
4 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index ef7d047b1ad..07cc0a7c597 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -75,6 +75,8 @@ class Projects::NotesController < Projects::ApplicationController
end
def authorize_create_note!
+ # TODO: Add :create_note for (personal?) snippets, instaed of :comment_personal_snippet?
+ # TODO: I think we should always check this
return unless noteable.lockable?
access_denied! unless can?(current_user, :create_note, noteable)
end
diff --git a/app/controllers/snippets/notes_controller.rb b/app/controllers/snippets/notes_controller.rb
index f9496787b15..385fbd18d31 100644
--- a/app/controllers/snippets/notes_controller.rb
+++ b/app/controllers/snippets/notes_controller.rb
@@ -4,6 +4,8 @@ class Snippets::NotesController < ApplicationController
skip_before_action :authenticate_user!, only: [:index]
before_action :snippet
+ # TODO: Authorize create_snippet!
+ # TODO: Always make sure we can actually read the snippet
before_action :authorize_read_snippet!, only: [:show, :index, :create]
private
diff --git a/app/finders/notes_finder.rb b/app/finders/notes_finder.rb
index 02eb983bf55..926ecf344ef 100644
--- a/app/finders/notes_finder.rb
+++ b/app/finders/notes_finder.rb
@@ -69,6 +69,7 @@ class NotesFinder
when "snippet", "project_snippet"
SnippetsFinder.new(@current_user, project: @project).execute
when "personal_snippet"
+ # TODO: Use finder
PersonalSnippet.all
else
raise 'invalid target_type'
diff --git a/app/finders/snippets_finder.rb b/app/finders/snippets_finder.rb
index c04f61de79c..6ce1239ba80 100644
--- a/app/finders/snippets_finder.rb
+++ b/app/finders/snippets_finder.rb
@@ -56,6 +56,7 @@ class SnippetsFinder < UnionFinder
def by_project(items)
return items unless params[:project]
+ # TODO: Add where(type: ProjectSnippet.name)
items.where(project_id: params[:project].id)
end
View Lorry Controller Status