Continue BE backport

10 files changed, 51 insertions, 6 deletions

diff --git a/app/controllers/boards/issues_controller.rb b/app/controllers/boards/issues_controller.rb
index 7d776d9b591..8ac23faa4b7 100644
--- a/app/controllers/boards/issues_controller.rb
+++ b/app/controllers/boards/issues_controller.rb
@@ -5,6 +5,7 @@ module Boards
     before_action :authorize_read_issue, only: [:index]
     before_action :authorize_create_issue, only: [:create]
     before_action :authorize_update_issue, only: [:update]
+    skip_before_action :authenticate_user!, only: [:index]
 
     def index
       issues = Boards::Issues::ListService.new(board_parent, current_user, filter_params).execute
diff --git a/app/controllers/boards/lists_controller.rb b/app/controllers/boards/lists_controller.rb
index a4ed37dab31..381fd4d7508 100644
--- a/app/controllers/boards/lists_controller.rb
+++ b/app/controllers/boards/lists_controller.rb
@@ -4,6 +4,7 @@ module Boards
 
     before_action :authorize_admin_list, only: [:create, :update, :destroy, :generate]
     before_action :authorize_read_list, only: [:index]
+    skip_before_action :authenticate_user!, only: [:index]
 
     def index
       lists = Boards::Lists::ListService.new(board.parent, current_user).execute(board)
diff --git a/app/controllers/concerns/boards_responses.rb b/app/controllers/concerns/boards_responses.rb
new file mode 100644
index 00000000000..2c9c095a5d7
--- /dev/null
+++ b/app/controllers/concerns/boards_responses.rb
@@ -0,0 +1,42 @@
+module BoardsResponses
+  def authorize_read_list
+    authorize_action_for!(board.parent, :read_list)
+  end
+
+  def authorize_read_issue
+    authorize_action_for!(board.parent, :read_issue)
+  end
+
+  def authorize_update_issue
+    authorize_action_for!(issue, :admin_issue)
+  end
+
+  def authorize_create_issue
+    authorize_action_for!(project, :admin_issue)
+  end
+
+  def authorize_admin_list
+    authorize_action_for!(board.parent, :admin_list)
+  end
+
+  def authorize_action_for!(resource, ability)
+    return render_403 unless can?(current_user, ability, resource)
+  end
+
+  def respond_with_boards
+    respond_with(@boards)
+  end
+
+  def respond_with_board
+    respond_with(@board)
+  end
+
+  def respond_with(resource)
+    respond_to do |format|
+      format.html
+      format.json do
+        render json: serialize_as_json(resource)
+      end
+    end
+  end
+end
diff --git a/app/controllers/projects/boards_controller.rb b/app/controllers/projects/boards_controller.rb
index 88a57749d78..04f2f77faf2 100644
--- a/app/controllers/projects/boards_controller.rb
+++ b/app/controllers/projects/boards_controller.rb
@@ -1,6 +1,6 @@
 class Projects::BoardsController < Projects::ApplicationController
-  include IssuableCollections
   include BoardsResponses
+  include IssuableCollections
 
   before_action :authorize_read_board!, only: [:index, :show]
   before_action :assign_endpoint_vars
diff --git a/app/models/label.rb b/app/models/label.rb
index 7fb017f9b0c..0298e7b417c 100644
--- a/app/models/label.rb
+++ b/app/models/label.rb
@@ -173,6 +173,7 @@ class Label < ActiveRecord::Base
 
   def as_json(options = {})
     super(options).tap do |json|
+      json[:type] = self.type
       json[:priority] = priority(options[:project]) if options.key?(:project)
     end
   end
diff --git a/app/services/boards/lists/create_service.rb b/app/services/boards/lists/create_service.rb
index dbb6c0694b9..183556a1d6b 100644
--- a/app/services/boards/lists/create_service.rb
+++ b/app/services/boards/lists/create_service.rb
@@ -1,6 +1,6 @@
 module Boards
   module Lists
-    class CreateService < BaseService
+    class CreateService < Boards::BaseService
       def execute(board)
         List.transaction do
           label    = available_labels_for(board).find(params[:label_id])
diff --git a/app/services/boards/lists/destroy_service.rb b/app/services/boards/lists/destroy_service.rb
index f986e05944c..d75c5fd3dc6 100644
--- a/app/services/boards/lists/destroy_service.rb
+++ b/app/services/boards/lists/destroy_service.rb
@@ -1,6 +1,6 @@
 module Boards
   module Lists
-    class DestroyService < BaseService
+    class DestroyService < Boards::BaseService
       def execute(list)
         return false unless list.destroyable?
 
diff --git a/app/services/boards/lists/generate_service.rb b/app/services/boards/lists/generate_service.rb
index 3bf37649787..05d4ab5dbcc 100644
--- a/app/services/boards/lists/generate_service.rb
+++ b/app/services/boards/lists/generate_service.rb
@@ -1,6 +1,6 @@
 module Boards
   module Lists
-    class GenerateService < BaseService
+    class GenerateService < Boards::BaseService
       def execute(board)
         return false unless board.lists.movable.empty?
 
diff --git a/app/services/boards/lists/list_service.rb b/app/services/boards/lists/list_service.rb
index df2a01a69e5..e57c95294af 100644
--- a/app/services/boards/lists/list_service.rb
+++ b/app/services/boards/lists/list_service.rb
@@ -1,6 +1,6 @@
 module Boards
   module Lists
-    class ListService < BaseService
+    class ListService < Boards::BaseService
       def execute(board)
         board.lists.create(list_type: :backlog) unless board.lists.backlog.exists?
 
diff --git a/app/services/boards/lists/move_service.rb b/app/services/boards/lists/move_service.rb
index f2a68865f7b..7d0730e8332 100644
--- a/app/services/boards/lists/move_service.rb
+++ b/app/services/boards/lists/move_service.rb
@@ -1,6 +1,6 @@
 module Boards
   module Lists
-    class MoveService < BaseService
+    class MoveService < Boards::BaseService
       def execute(list)
         @board = list.board
         @old_position = list.position