diff options
Diffstat (limited to 'lib/api/notes.rb')
| -rw-r--r-- | lib/api/notes.rb | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/lib/api/notes.rb b/lib/api/notes.rb index b3db366d875..0b9ab4eeb05 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -71,8 +71,6 @@ module API post ":id/#{noteables_str}/:noteable_id/notes" do noteable = find_project_noteable(noteables_str, params[:noteable_id]) - authorize! :create_note, user_project - opts = { note: params[:body], noteable_type: noteables_str.classify, @@ -80,15 +78,12 @@ module API } if can?(current_user, noteable_read_ability_name(noteable), noteable) + authorize! :create_note, noteable + if params[:created_at] && (current_user.admin? || user_project.owner == current_user) opts[:created_at] = params[:created_at] end - noteable_type = opts[:noteable_type].to_s - noteable = Issue.find(opts[:noteable_id]) if noteable_type == 'Issue' - noteable = MergeRequest.find(opts[:noteable_id]) if noteable_type == 'MergeRequest' - authorize! :create_note, noteable if noteable - note = ::Notes::CreateService.new(user_project, current_user, opts).execute if note.valid? |