author | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-08-15 19:50:23 -0300 |
---|---|---|
committer | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-08-17 12:58:59 -0300 |
commit | cd98ff179cb20d9dc4460d173288d0e1582c4293 (patch) | |
tree | 5ec16f4ca84f95219d2b2a19c245532a7fab8254 /app | |
parent | c3880d105744dde1c8a30978e0cf13ebe017a91b (diff) | |
download | gitlab-ce-cd98ff179cb20d9dc4460d173288d0e1582c4293.tar.gz |
Move action to render board lists to `Projects::Boards::ListsController`
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/boards/lists_controller.rb | 11 | ||||
-rw-r--r-- | app/controllers/projects/boards_controller.rb | 16 | ||||
-rw-r--r-- | app/models/ability.rb | 2 |
3 files changed, 16 insertions, 13 deletions
diff --git a/app/controllers/projects/boards/lists_controller.rb b/app/controllers/projects/boards/lists_controller.rb index b426dc25e0d..4726ab88dcf 100644 --- a/app/controllers/projects/boards/lists_controller.rb +++ b/app/controllers/projects/boards/lists_controller.rb @@ -1,7 +1,12 @@ module Projects module Boards class ListsController < Boards::ApplicationController - before_action :authorize_admin_list! + before_action :authorize_admin_list!, only: [:create, :update, :destroy, :generate] + before_action :authorize_read_list!, only: [:index] + + def index + render json: project.board.lists.as_json(only: [:id, :list_type, :position], methods: [:title], include: { label: { only: [:id, :title, :description, :color, :priority] } }) + end def create list = ::Boards::Lists::CreateService.new(project, current_user, list_params).execute @@ -49,6 +54,10 @@ module Projects return render_403 unless can?(current_user, :admin_list, project) end + def authorize_read_list! + return render_403 unless can?(current_user, :read_list, project) + end + def list_params params.require(:list).permit(:label_id) end diff --git a/app/controllers/projects/boards_controller.rb b/app/controllers/projects/boards_controller.rb index 052c15f99d0..33206717089 100644 --- a/app/controllers/projects/boards_controller.rb +++ b/app/controllers/projects/boards_controller.rb 
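Review bot: Narrowing `authorize_admin_list!` to `only: [:create, :update, :destroy, :generate]` in the first `lists_controller.rb` hunk makes authorization in this controller opt-in, so an action added later runs with no list-level check unless one of the two arrays is extended (whether `Boards::ApplicationController` adds its own filter is not visible here). Keeping the admin check as the default and exempting only the read action fails closed instead: `before_action :authorize_admin_list!, except: [:index]`. Separately, the new `index` dereferences `project.board.lists` directly, and the only board creation visible in this commit is in `BoardsController#show`. If a project can reach `index` before a board exists, `project.board` would presumably be `nil` and the request would end in a 500, so a guard or an explicit 404 is worth adding. The explicit `only:` attribute lists passed to `as_json` are a sound allow-list and should be kept as is.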
@@ -1,23 +1,15 @@ class Projects::BoardsController < Projects::ApplicationController + respond_to :html + before_action :authorize_read_board!, only: [:show] def show - board = Boards::CreateService.new(project, current_user).execute - - respond_to do |format| - format.html - format.json { render json: board.lists.as_json(only: [:id, :list_type, :position], methods: [:title], include: { label: { only: [:id, :title, :description, :color, :priority] } }) } - end + ::Boards::CreateService.new(project, current_user).execute end private def authorize_read_board! - unless can?(current_user, :read_board, project) - respond_to do |format| - format.html { return access_denied! } - format.json { return render_403 } - end - end + return access_denied! unless can?(current_user, :read_board, project) end end diff --git a/app/models/ability.rb b/app/models/ability.rb index 4458ee1d590..55265c3cfcb 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -91,6 +91,7 @@ class Ability rules = [ :read_project, :read_board, + :read_list, :read_wiki, :read_label, :read_milestone, @@ -230,6 +231,7 @@ class Ability :read_wiki, :read_issue, :read_board, + :read_list, :read_label, :read_milestone, :read_project_snippet, |
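Review bot: `show` in `boards_controller.rb` still runs `::Boards::CreateService.new(project, current_user).execute` on a GET that is guarded only by `:read_board`, so if that service persists a board (its body is not in this diff) a read-level permission is gating a write. Consider checking a write-level ability before creating, or moving the creation out of the read path. Also, class-level `respond_to :html` only constrains `respond_with`, which `show` never calls, so it does not by itself reject a `.json` request. With the JSON branch removed from `authorize_read_board!`, a denied JSON client now gets whatever `access_denied!` renders rather than `render_403`. If JSON requests to `show` are meant to be refused, that should be explicit.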
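Review bot: `:read_list` has to be granted and revoked in lockstep with `:read_board`, and the two `ability.rb` hunks (`@@ -91,6 +91,7 @@` and `@@ -230,6 +231,7 @@`) only show it being appended to two rule arrays whose enclosing methods start outside the hunks. Which roles receive it therefore cannot be confirmed from here. The lists JSON endpoint is now authorized by `:read_list` while the board page uses `:read_board`, so any place in `Ability` that strips `:read_board` needs to strip `:read_list` too. Otherwise list data stays readable where the board itself is denied. A spec asserting that both abilities agree for each role and project visibility would pin this.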