Continue BE backport

author: Felipe Artur <felipefac@gmail.com> 2017-08-31 14:48:57 -0300
committer: Felipe Artur <felipefac@gmail.com> 2017-08-31 14:48:57 -0300
commit: 8077b728bc26e9ece8055b8301033238ddbdf3f5 (patch)
tree: e22b26fe9b8ca3343c2eded3c1b024704d86221c /app/controllers/concerns/boards_responses.rb
parent: f2a43ff5b7eec188ffc470649bf40d268cbdce2a (diff)
download: gitlab-ce-8077b728bc26e9ece8055b8301033238ddbdf3f5.tar.gz
1 files changed, 42 insertions, 0 deletions
diff --git a/app/controllers/concerns/boards_responses.rb b/app/controllers/concerns/boards_responses.rb
new file mode 100644
index 00000000000..2c9c095a5d7
--- /dev/null
+++ b/app/controllers/concerns/boards_responses.rb
@@ -0,0 +1,42 @@
+module BoardsResponses
+  def authorize_read_list
+    authorize_action_for!(board.parent, :read_list)
+  end
+
+  def authorize_read_issue
+    authorize_action_for!(board.parent, :read_issue)
+  end
+
+  def authorize_update_issue
+    authorize_action_for!(issue, :admin_issue)
+  end
+
+  def authorize_create_issue
+    authorize_action_for!(project, :admin_issue)
+  end
+
+  def authorize_admin_list
+    authorize_action_for!(board.parent, :admin_list)
+  end
+
+  def authorize_action_for!(resource, ability)
+    return render_403 unless can?(current_user, ability, resource)
+  end
+
+  def respond_with_boards
+    respond_with(@boards)
+  end
+
+  def respond_with_board
+    respond_with(@board)
+  end
+
+  def respond_with(resource)
+    respond_to do |format|
+      format.html
+      format.json do
+        render json: serialize_as_json(resource)
+      end
+    end
+  end
+end
author	Felipe Artur <felipefac@gmail.com>	2017-08-31 14:48:57 -0300
committer	Felipe Artur <felipefac@gmail.com>	2017-08-31 14:48:57 -0300
commit	8077b728bc26e9ece8055b8301033238ddbdf3f5 (patch)
tree	e22b26fe9b8ca3343c2eded3c1b024704d86221c /app/controllers/concerns/boards_responses.rb
parent	f2a43ff5b7eec188ffc470649bf40d268cbdce2a (diff)
download	gitlab-ce-8077b728bc26e9ece8055b8301033238ddbdf3f5.tar.gz