diff options
Diffstat (limited to 'lib/api/notes.rb')
| -rw-r--r-- | lib/api/notes.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/api/notes.rb b/lib/api/notes.rb index d6e7203adaf..b3db366d875 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -71,6 +71,8 @@ module API post ":id/#{noteables_str}/:noteable_id/notes" do noteable = find_project_noteable(noteables_str, params[:noteable_id]) + authorize! :create_note, user_project + opts = { note: params[:body], noteable_type: noteables_str.classify, @@ -82,6 +84,11 @@ module API opts[:created_at] = params[:created_at] end + noteable_type = opts[:noteable_type].to_s + noteable = Issue.find(opts[:noteable_id]) if noteable_type == 'Issue' + noteable = MergeRequest.find(opts[:noteable_id]) if noteable_type == 'MergeRequest' + authorize! :create_note, noteable if noteable + note = ::Notes::CreateService.new(user_project, current_user, opts).execute if note.valid? |