diff options
Diffstat (limited to 'app/controllers/projects/todos_controller.rb')
-rw-r--r-- | app/controllers/projects/todos_controller.rb | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/app/controllers/projects/todos_controller.rb b/app/controllers/projects/todos_controller.rb index 648d42c56c5..23868d986e9 100644 --- a/app/controllers/projects/todos_controller.rb +++ b/app/controllers/projects/todos_controller.rb @@ -1,18 +1,12 @@ class Projects::TodosController < Projects::ApplicationController - def create - todos = TodoService.new.mark_todo(issuable, current_user) - - render json: { - todo: todos, - count: current_user.todos_pending_count, - } - end + before_action :authenticate_user!, only: [:create] - def update - current_user.todos.find_by_id(params[:id]).update(state: :done) + def create + todo = TodoService.new.mark_todo(issuable, current_user) render json: { count: current_user.todos_pending_count, + delete_path: dashboard_todo_path(todo) } end @@ -22,7 +16,13 @@ class Projects::TodosController < Projects::ApplicationController @issuable ||= begin case params[:issuable_type] when "issue" - @project.issues.find(params[:issuable_id]) + issue = @project.issues.find(params[:issuable_id]) + + if can?(current_user, :read_issue, issue) + issue + else + render_404 + end when "merge_request" @project.merge_requests.find(params[:issuable_id]) end |