From 96644c1fc146b55795d36cf4c03a80d2d58d112e Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sat, 11 Jul 2015 06:16:59 -0700 Subject: Better handle unknown projects and groups for autocomplete --- app/controllers/autocomplete_controller.rb | 37 +++++++++++++++++++----------- 1 file changed, 23 insertions(+), 14 deletions(-) (limited to 'app') diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb index 8b12643bb97..52e9c58b47c 100644 --- a/app/controllers/autocomplete_controller.rb +++ b/app/controllers/autocomplete_controller.rb @@ -2,25 +2,34 @@ class AutocompleteController < ApplicationController skip_before_action :authenticate_user!, only: [:users] def users - @users = - if params[:project_id].present? - project = Project.find(params[:project_id]) + begin + @users = + if params[:project_id].present? + project = Project.find(params[:project_id]) - if can?(current_user, :read_project, project) - project.team.users - end - elsif params[:group_id] - group = Group.find(params[:group_id]) + if can?(current_user, :read_project, project) + project.team.users + end + elsif params[:group_id] + group = Group.find(params[:group_id]) - if can?(current_user, :read_group, group) - group.users + if can?(current_user, :read_group, group) + group.users + end + elsif current_user + User.all end - elsif current_user - User.all - else - User.none + rescue ActiveRecord::RecordNotFound + if current_user + return render json: {}, status: 404 end + end + + if @users.nil? && current_user.nil? + authenticate_user! + end + @users ||= User.none @users = @users.search(params[:search]) if params[:search].present? @users = @users.active @users = @users.page(params[:page]).per(PER_PAGE) -- cgit v1.2.1