From 4f5ed812325845f263fc9b566651c1179b5c24bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Coutable?= <remy@rymai.me>
Date: Thu, 24 Nov 2016 14:40:35 +0100
Subject: API: Introduce `#find_project!` which also check access permission
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Rémy Coutable <remy@rymai.me>
---
 lib/api/helpers.rb  | 17 ++++++++++-------
 lib/api/projects.rb |  2 +-
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 60067758e95..42f4c2ccf9d 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -68,7 +68,7 @@ module API
     end
 
     def user_project
-      @project ||= find_project(params[:id])
+      @project ||= find_project!(params[:id])
     end
 
     def available_labels
@@ -76,12 +76,15 @@ module API
     end
 
     def find_project(id)
-      project =
-        if id =~ /^\d+$/
-          Project.find_by(id: id)
-        else
-          Project.find_with_namespace(id)
-        end
+      if id =~ /^\d+$/
+        Project.find_by(id: id)
+      else
+        Project.find_with_namespace(id)
+      end
+    end
+
+    def find_project!(id)
+      project = find_project(id)
 
       if can?(current_user, :read_project, project)
         project
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index ddfde178d30..2ea3c433ae2 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -379,7 +379,7 @@ module API
       #   POST /projects/:id/fork/:forked_from_id
       post ":id/fork/:forked_from_id" do
         authenticated_as_admin!
-        forked_from_project = find_project(params[:forked_from_id])
+        forked_from_project = find_project!(params[:forked_from_id])
         unless forked_from_project.nil?
           if user_project.forked_from_project.nil?
             user_project.create_forked_project_link(forked_to_project_id: user_project.id, forked_from_project_id: forked_from_project.id)
-- 
cgit v1.2.1