diff options
author | James Lopez <james@jameslopez.es> | 2016-03-22 09:56:56 +0100 |
---|---|---|
committer | James Lopez <james@jameslopez.es> | 2016-03-22 09:56:56 +0100 |
commit | 8a26f836882112657db4e616066e70722677f049 (patch) | |
tree | 85a3d408ee818a80275abe38db9a88ecd24ab2e1 /lib | |
parent | e937f312cdaa4b98f6f043c6a6baa1be03868bf0 (diff) | |
parent | 383ead5d58a0553b7700aa922ad67c41b16eadf7 (diff) | |
download | gitlab-ce-8a26f836882112657db4e616066e70722677f049.tar.gz |
Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into fix/project-import_url
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/entities.rb | 3 | ||||
-rw-r--r-- | lib/api/groups.rb | 2 | ||||
-rw-r--r-- | lib/api/helpers.rb | 4 | ||||
-rw-r--r-- | lib/api/issues.rb | 7 | ||||
-rw-r--r-- | lib/api/merge_requests.rb | 12 | ||||
-rw-r--r-- | lib/gitlab/visibility_level.rb | 12 |
6 files changed, 29 insertions, 11 deletions
diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 71197205f34..197e826e5bc 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -85,7 +85,7 @@ module API end class Group < Grape::Entity - expose :id, :name, :path, :description + expose :id, :name, :path, :description, :visibility_level expose :avatar_url expose :web_url do |group, options| @@ -340,6 +340,7 @@ module API expose :session_expire_delay expose :default_project_visibility expose :default_snippet_visibility + expose :default_group_visibility expose :restricted_signup_domains expose :user_oauth_applications expose :after_sign_out_path diff --git a/lib/api/groups.rb b/lib/api/groups.rb index 1a14d870a4a..c165de21a75 100644 --- a/lib/api/groups.rb +++ b/lib/api/groups.rb @@ -31,7 +31,7 @@ module API authorize! :create_group, current_user required_attributes! [:name, :path] - attrs = attributes_for_keys [:name, :path, :description] + attrs = attributes_for_keys [:name, :path, :description, :visibility_level] @group = Group.new(attrs) if @group.save diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index a72044e8058..4921ae99e78 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -118,9 +118,7 @@ module API end def authorize!(action, subject) - unless abilities.allowed?(current_user, action, subject) - forbidden! - end + forbidden! unless abilities.allowed?(current_user, action, subject) end def authorize_push_project diff --git a/lib/api/issues.rb b/lib/api/issues.rb index fda6f841438..e5ae88eb96f 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -191,7 +191,7 @@ module API end end - # Delete a project issue (deprecated) + # Delete a project issue # # Parameters: # id (required) - The ID of a project @@ -199,7 +199,10 @@ module API # Example Request: # DELETE /projects/:id/issues/:issue_id delete ":id/issues/:issue_id" do - not_allowed! + issue = user_project.issues.find_by(id: params[:issue_id]) + + authorize!(:destroy_issue, issue) + issue.destroy end end end diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index c5e5d57ed4d..93052fba06b 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -100,6 +100,18 @@ module API end end + # Delete a MR + # + # Parameters: + # id (required) - The ID of the project + # merge_request_id (required) - The MR id + delete ":id/merge_requests/:merge_request_id" do + merge_request = user_project.merge_requests.find_by(id: params[:merge_request_id]) + + authorize!(:destroy_merge_request, merge_request) + merge_request.destroy + end + # Routing "merge_request/:merge_request_id/..." is DEPRECATED and WILL BE REMOVED in version 9.0 # Use "merge_requests/:merge_request_id/..." instead. # diff --git a/lib/gitlab/visibility_level.rb b/lib/gitlab/visibility_level.rb index 3160a3c7582..a1ee1cba216 100644 --- a/lib/gitlab/visibility_level.rb +++ b/lib/gitlab/visibility_level.rb @@ -6,6 +6,14 @@ module Gitlab module VisibilityLevel extend CurrentSettings + extend ActiveSupport::Concern + + included do + scope :public_only, -> { where(visibility_level: PUBLIC) } + scope :public_and_internal_only, -> { where(visibility_level: [PUBLIC, INTERNAL] ) } + + scope :public_to_user, -> (user) { user && !user.external ? public_and_internal_only : public_only } + end PRIVATE = 0 unless const_defined?(:PRIVATE) INTERNAL = 10 unless const_defined?(:INTERNAL) @@ -48,10 +56,6 @@ module Gitlab options.has_value?(level) end - def allowed_fork_levels(origin_level) - [PRIVATE, INTERNAL, PUBLIC].select{ |level| level <= origin_level } - end - def level_name(level) level_name = 'Unknown' options.each do |name, lvl| |