API: Introduce `#find_group!` which also check access permission22373-reduce-queries-in-api-helpers-find_project

Signed-off-by: Rémy Coutable <remy@rymai.me>
author: Rémy Coutable <remy@rymai.me> 2016-11-24 16:58:32 +0100
committer: Rémy Coutable <remy@rymai.me> 2016-11-24 16:58:32 +0100
commit: 81ba3f9177fcfd76f6b3b715c572ce4920398345 (patch)
tree: bfcefba5a558d69051bf67f2cef2a259c0928942 /lib
parent: 4f5ed812325845f263fc9b566651c1179b5c24bc (diff)
download: gitlab-ce-81ba3f9177fcfd76f6b3b715c572ce4920398345.tar.gz
4 files changed, 15 insertions, 7 deletions
diff --git a/lib/api/groups.rb b/lib/api/groups.rb
index 48ad3b80ae0..a3489c4eb92 100644
--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -82,7 +82,7 @@ module API
                         :lfs_enabled, :request_access_enabled
       end
       put ':id' do
-        group = find_group(params[:id])
+        group = find_group!(params[:id])
         authorize! :admin_group, group
 
         if ::Groups::UpdateService.new(group, current_user, declared_params(include_missing: false)).execute
@@ -96,13 +96,13 @@ module API
         success Entities::GroupDetail
       end
       get ":id" do
-        group = find_group(params[:id])
+        group = find_group!(params[:id])
         present group, with: Entities::GroupDetail
       end
 
       desc 'Remove a group.'
       delete ":id" do
-        group = find_group(params[:id])
+        group = find_group!(params[:id])
         authorize! :admin_group, group
         DestroyGroupService.new(group, current_user).execute
       end
@@ -111,7 +111,7 @@ module API
         success Entities::Project
       end
       get ":id/projects" do
-        group = find_group(params[:id])
+        group = find_group!(params[:id])
         projects = GroupProjectsFinder.new(group).execute(current_user)
         projects = paginate projects
         present projects, with: Entities::Project, user: current_user
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 42f4c2ccf9d..0d3ddb89dc3 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -105,7 +105,15 @@ module API
     end
 
     def find_group(id)
-      group = Group.find_by(path: id) || Group.find_by(id: id)
+      if id =~ /^\d+$/
+        Group.find_by(id: id)
+      else
+        Group.find_by(path: id)
+      end
+    end
+
+    def find_group!(id)
+      group = find_group(id)
 
       if can?(current_user, :read_group, group)
         group
diff --git a/lib/api/helpers/members_helpers.rb b/lib/api/helpers/members_helpers.rb
index 90114f6f667..d9cae1501f8 100644
--- a/lib/api/helpers/members_helpers.rb
+++ b/lib/api/helpers/members_helpers.rb
@@ -2,7 +2,7 @@ module API
   module Helpers
     module MembersHelpers
       def find_source(source_type, id)
-        public_send("find_#{source_type}", id)
+        public_send("find_#{source_type}!", id)
       end
 
       def authorize_admin_source!(source_type, source)
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index eea5b91d4f9..2fea71870b8 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -68,7 +68,7 @@ module API
       #   GET /groups/:id/issues?milestone=1.0.0
       #   GET /groups/:id/issues?milestone=1.0.0&state=closed
       get ":id/issues" do
-        group = find_group(params[:id])
+        group = find_group!(params[:id])
 
         params[:state] ||= 'opened'
         params[:group_id] = group.id
author	Rémy Coutable <remy@rymai.me>	2016-11-24 16:58:32 +0100
committer	Rémy Coutable <remy@rymai.me>	2016-11-24 16:58:32 +0100
commit	81ba3f9177fcfd76f6b3b715c572ce4920398345 (patch)
tree	bfcefba5a558d69051bf67f2cef2a259c0928942 /lib
parent	4f5ed812325845f263fc9b566651c1179b5c24bc (diff)
download	gitlab-ce-81ba3f9177fcfd76f6b3b715c572ce4920398345.tar.gz