1 files changed, 20 insertions, 37 deletions

diff --git a/app/controllers/groups/variables_controller.rb b/app/controllers/groups/variables_controller.rb
index 10038ff3ad9..913e13bf734 100644
--- a/app/controllers/groups/variables_controller.rb
+++ b/app/controllers/groups/variables_controller.rb
@@ -1,60 +1,43 @@
 module Groups
   class VariablesController < Groups::ApplicationController
-    before_action :variable, only: [:show, :update, :destroy]
     before_action :authorize_admin_build!
 
-    def index
-      redirect_to group_settings_ci_cd_path(group)
-    end
-
     def show
+      respond_to do |format|
+        format.json do
+          render status: :ok, json: { variables: GroupVariableSerializer.new.represent(@group.variables) }
+        end
+      end
     end
 
     def update
-      if variable.update(variable_params)
-        redirect_to group_variables_path(group),
-                    notice: 'Variable was successfully updated.'
+      if @group.update(group_variables_params)
+        respond_to do |format|
+          format.json { return render_group_variables }
+        end
       else
-        render "show"
+        respond_to do |format|
+          format.json { render_error }
+        end
       end
     end
 
-    def create
-      @variable = group.variables.create(variable_params)
-        .present(current_user: current_user)
+    private
 
-      if @variable.persisted?
-        redirect_to group_settings_ci_cd_path(group),
-                    notice: 'Variable was successfully created.'
-      else
-        render "show"
-      end
+    def render_group_variables
+      render status: :ok, json: { variables: GroupVariableSerializer.new.represent(@group.variables) }
     end
 
-    def destroy
-      if variable.destroy
-        redirect_to group_settings_ci_cd_path(group),
-                    status: 302,
-                    notice: 'Variable was successfully removed.'
-      else
-        redirect_to group_settings_ci_cd_path(group),
-                    status: 302,
-                    notice: 'Failed to remove the variable.'
-      end
+    def render_error
+      render status: :bad_request, json: @group.errors.full_messages
     end
 
-    private
-
-    def variable_params
-      params.require(:variable).permit(*variable_params_attributes)
+    def group_variables_params
+      params.permit(variables_attributes: [*variable_params_attributes])
     end
 
     def variable_params_attributes
-      %i[key value protected]
-    end
-
-    def variable
-      @variable ||= group.variables.find(params[:id]).present(current_user: current_user)
+      %i[id key value protected _destroy]
     end
 
     def authorize_admin_build!