diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-02-03 10:57:27 -0800 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-02-03 10:57:27 -0800 |
| commit | dc9bf324207c21f39633392c4180ba62193c02c6 (patch) | |
| tree | 100d2de9a08bd3e6d6c2800a652abca5237d5e30 /lib | |
| parent | 141c6a027ee369fbb954f936aca51f4231fce607 (diff) | |
| parent | 4e97f26649a7756bef843fca74e3c58eadd117e1 (diff) | |
| download | gitlab-ce-dc9bf324207c21f39633392c4180ba62193c02c6.tar.gz | |
Merge pull request #8723 from jubianchi/api-groups-path
Access groups using path
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/group_members.rb | 16 | ||||
| -rw-r--r-- | lib/api/groups.rb | 16 | ||||
| -rw-r--r-- | lib/api/helpers.rb | 25 |
3 files changed, 23 insertions, 34 deletions
diff --git a/lib/api/group_members.rb b/lib/api/group_members.rb index d596517c816..4373070083a 100644 --- a/lib/api/group_members.rb +++ b/lib/api/group_members.rb @@ -3,22 +3,6 @@ module API before { authenticate! } resource :groups do - helpers do - def find_group(id) - group = Group.find(id) - - if can?(current_user, :read_group, group) - group - else - render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403) - end - end - - def validate_access_level?(level) - Gitlab::Access.options_with_owner.values.include? level.to_i - end - end - # Get a list of group members viewable by the authenticated user. # # Example Request: diff --git a/lib/api/groups.rb b/lib/api/groups.rb index 730dfad52c8..384a28e41f5 100644 --- a/lib/api/groups.rb +++ b/lib/api/groups.rb @@ -4,22 +4,6 @@ module API before { authenticate! } resource :groups do - helpers do - def find_group(id) - group = Group.find(id) - - if can?(current_user, :read_group, group) - group - else - render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403) - end - end - - def validate_access_level?(level) - Gitlab::Access.options_with_owner.values.include? level.to_i - end - end - # Get a groups list # # Example Request: diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 1ded63d136f..be9e4280d65 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -55,6 +55,21 @@ module API end end + def find_group(id) + begin + group = Group.find(id) + rescue ActiveRecord::RecordNotFound + group = Group.find_by!(path: id) + end + + if can?(current_user, :read_group, group) + group + else + forbidden!("#{current_user.username} lacks sufficient "\ + "access to #{group.name}") + end + end + def paginate(relation) per_page = params[:per_page].to_i paginated = relation.page(params[:page]).per(per_page) @@ -135,10 +150,16 @@ module API errors end + def validate_access_level?(level) + Gitlab::Access.options_with_owner.values.include? level.to_i + end + # error helpers - def forbidden! - render_api_error!('403 Forbidden', 403) + def forbidden!(reason = nil) + message = ['403 Forbidden'] + message << " - #{reason}" if reason + render_api_error!(message.join(' '), 403) end def bad_request!(attribute) |