app/controllers/projects/releases/evidences_controller.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

# frozen_string_literal: true

module Projects
  module Releases
    class EvidencesController < Projects::ApplicationController
      before_action :require_non_empty_project
      before_action :release
      before_action :authorize_read_release_evidence!

      def show
        respond_to do |format|
          format.json do
            render json: evidence.summary
          end
        end
      end

      private

      def authorize_read_release_evidence!
        access_denied! unless Feature.enabled?(:release_evidence, project, default_enabled: true)
        access_denied! unless can?(current_user, :read_release_evidence, evidence)
      end

      def release
        @release ||= project.releases.find_by_tag!(sanitized_tag_name)
      end

      def evidence
        release.evidences.find(params[:id])
      end

      def sanitized_tag_name
        CGI.unescape(params[:tag])
      end
    end
  end
end