author | Douwe Maan <douwe@selenight.nl> | 2017-11-16 12:38:59 +0100 |
---|---|---|
committer | Douwe Maan <douwe@selenight.nl> | 2017-11-16 12:38:59 +0100 |
commit | 9be619c9d256fb8de9e14f550e2ec737e84a7127 (patch) | |
tree | f8062f3ad97f1df372ae5b5a35159a2a8ebafaf5 | |
parent | a4072db0198896242886d22c644ed91c1016aa8d (diff) | |
WIP: Clean up notes controllers (branch: dm-cleanup-notes-controllers)
-rw-r--r-- | app/controllers/projects/notes_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/snippets/notes_controller.rb | 2 | ||||
-rw-r--r-- | app/finders/notes_finder.rb | 1 | ||||
-rw-r--r-- | app/finders/snippets_finder.rb | 1 |
4 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index ef7d047b1ad..07cc0a7c597 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -75,6 +75,8 @@ class Projects::NotesController < Projects::ApplicationController
 end
 def authorize_create_note!
+ # TODO: Add :create_note for (personal?) snippets, instaed of :comment_personal_snippet?
+ # TODO: I think we should always check this
 return unless noteable.lockable?
 access_denied! unless can?(current_user, :create_note, noteable)
 end
diff --git a/app/controllers/snippets/notes_controller.rb b/app/controllers/snippets/notes_controller.rb
index f9496787b15..385fbd18d31 100644
--- a/app/controllers/snippets/notes_controller.rb
+++ b/app/controllers/snippets/notes_controller.rb
@@ -4,6 +4,8 @@ class Snippets::NotesController < ApplicationController
 skip_before_action :authenticate_user!, only: [:index]
 before_action :snippet
+ # TODO: Authorize create_snippet!
+ # TODO: Always make sure we can actually read the snippet
 before_action :authorize_read_snippet!, only: [:show, :index, :create]
 private
diff --git a/app/finders/notes_finder.rb b/app/finders/notes_finder.rb
index 02eb983bf55..926ecf344ef 100644
--- a/app/finders/notes_finder.rb
+++ b/app/finders/notes_finder.rb
@@ -69,6 +69,7 @@ class NotesFinder
 when "snippet", "project_snippet"
 SnippetsFinder.new(@current_user, project: @project).execute
 when "personal_snippet"
+ # TODO: Use finder
 PersonalSnippet.all
 else
 raise 'invalid target_type'
diff --git a/app/finders/snippets_finder.rb b/app/finders/snippets_finder.rb
index c04f61de79c..6ce1239ba80 100644
--- a/app/finders/snippets_finder.rb
+++ b/app/finders/snippets_finder.rb
@@ -56,6 +56,7 @@ class SnippetsFinder < UnionFinder
 def by_project(items)
 return items unless params[:project]
+ # TODO: Add where(type: ProjectSnippet.name)
 items.where(project_id: params[:project].id)
 end |
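Review bot: `return unless noteable.lockable?` in `authorize_create_note!` skips the `:create_note` ability check for every noteable that is not lockable, and the added TODOs record that without changing it. For those noteables this filter appears to enforce nothing, so note creation depends on checks elsewhere that the hunk does not show. Until the guard is removed, the comment should state the consequence and point at a tracking issue, e.g. `# FIXME(security): :create_note is only enforced for lockable noteables, see <issue-url>`. Removing the guard presumably needs a `:create_note` ability defined for snippets first, as the first TODO suggests. `instaed` in that TODO is a typo for `instead`.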
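Review bot: The `only: [:show, :index, :create]` list on `before_action :authorize_read_snippet!` leaves any other action this controller routes without a read check on the snippet, which matters here because `:index` also skips `authenticate_user!`. The new TODO says the check should always run; the direct form is `before_action :authorize_read_snippet!` with no `only:`. The action list and `authorize_read_snippet!` itself are outside the hunk, so confirm that no action relies on being exempt. The first TODO names `create_snippet!`, but posting a note presumably needs a note-creation ability rather than a snippet-creation one, so the intended ability should be spelled out.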
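Review bot: `PersonalSnippet.all` in the `"personal_snippet"` branch builds the candidate set without `@current_user`, whereas the branch above goes through `SnippetsFinder.new(@current_user, project: @project)`. If nothing downstream re-checks read access (not visible in this hunk), a note lookup could resolve against a snippet the user is not allowed to see. `# TODO: Use finder` should say that the point is visibility scoping, e.g. `# FIXME(security): unscoped, must go through SnippetsFinder with @current_user`. The enclosing `case` and method start and end outside the hunk.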
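Review bot: The TODO in `by_project` names the missing filter but not the reason for it. As written the scope matches on `project_id` alone; if the intent is that a project-scoped query can only ever return `ProjectSnippet` rows, the comment should say so. The change itself is one line, `items.where(type: ProjectSnippet.name, project_id: params[:project].id)`. Whether `type` is the inheritance column on this table is not visible here, so confirm before applying.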