Enforce restricted visibilities for snippets

Add new service classes to create and update project and personal snippets. These classes are responsible for enforcing restricted visibility settings for non-admin users.
author: Vinnie Okada <vokada@mrvinn.com> 2015-03-07 12:47:06 -0700
committer: Vinnie Okada <vokada@mrvinn.com> 2015-03-08 17:57:08 -0600
commit: 928fc94c3d900069902b097d6464acee712a886c (patch)
tree: e30cbea42055c082e76881bd36ccd94f72afac8e /lib/api/project_snippets.rb
parent: 285c5341855f8af6cbea5e964e3104a4698fa450 (diff)
download: gitlab-ce-928fc94c3d900069902b097d6464acee712a886c.tar.gz
1 files changed, 13 insertions, 9 deletions
diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb
index 0c2d282f785..25f34a3dab5 100644
--- a/lib/api/project_snippets.rb
+++ b/lib/api/project_snippets.rb
@@ -42,18 +42,19 @@ module API
       #   title (required) - The title of a snippet
       #   file_name (required) - The name of a snippet file
       #   code (required) - The content of a snippet
+      #   visibility_level (required) - The snippet's visibility
       # Example Request:
       #   POST /projects/:id/snippets
       post ":id/snippets" do
         authorize! :write_project_snippet, user_project
-        required_attributes! [:title, :file_name, :code]
+        required_attributes! [:title, :file_name, :code, :visibility_level]
 
-        attrs = attributes_for_keys [:title, :file_name]
+        attrs = attributes_for_keys [:title, :file_name, :visibility_level]
         attrs[:content] = params[:code] if params[:code].present?
-        @snippet = user_project.snippets.new attrs
-        @snippet.author = current_user
+        @snippet = CreateSnippetservice.new(user_project, current_user,
+                                            attrs).execute
 
-        if @snippet.save
+        if @snippet.saved?
           present @snippet, with: Entities::ProjectSnippet
         else
           render_validation_error!(@snippet)
@@ -68,19 +69,22 @@ module API
       #   title (optional) - The title of a snippet
       #   file_name (optional) - The name of a snippet file
       #   code (optional) - The content of a snippet
+      #   visibility_level (optional) - The snippet's visibility
       # Example Request:
       #   PUT /projects/:id/snippets/:snippet_id
       put ":id/snippets/:snippet_id" do
         @snippet = user_project.snippets.find(params[:snippet_id])
         authorize! :modify_project_snippet, @snippet
 
-        attrs = attributes_for_keys [:title, :file_name]
+        attrs = attributes_for_keys [:title, :file_name, :visibility_level]
         attrs[:content] = params[:code] if params[:code].present?
 
-        if @snippet.update_attributes attrs
-          present @snippet, with: Entities::ProjectSnippet
-        else
+        UpdateSnippetService.new(user_project, current_user, @snippet,
+                                 attrs).execute
+        if @snippet.errors.any?
           render_validation_error!(@snippet)
+        else
+          present @snippet, with: Entities::ProjectSnippet
         end
       end
author	Vinnie Okada <vokada@mrvinn.com>	2015-03-07 12:47:06 -0700
committer	Vinnie Okada <vokada@mrvinn.com>	2015-03-08 17:57:08 -0600
commit	928fc94c3d900069902b097d6464acee712a886c (patch)
tree	e30cbea42055c082e76881bd36ccd94f72afac8e /lib/api/project_snippets.rb
parent	285c5341855f8af6cbea5e964e3104a4698fa450 (diff)
download	gitlab-ce-928fc94c3d900069902b097d6464acee712a886c.tar.gz