Commit 9be619c9 authored by Douwe Maan's avatar Douwe Maan

WIP: Clean up notes controllers

parent a4072db0
......@@ -75,6 +75,8 @@ class Projects::NotesController < Projects::ApplicationController
end
def authorize_create_note!
# TODO: Add :create_note for (personal?) snippets, instaed of :comment_personal_snippet?
# TODO: I think we should always check this
return unless noteable.lockable?
access_denied! unless can?(current_user, :create_note, noteable)
end
......
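Review bot: In `authorize_create_note!`, the `return unless noteable.lockable?` guard still skips the `can?(current_user, :create_note, noteable)` check for any noteable where `lockable?` is false, and the two added TODOs record that gap without closing it. If no other layer authorizes note creation for those types (not visible in this hunk), the safer shape is to drop the early return once each noteable's policy defines `:create_note`, leaving only `access_denied! unless can?(current_user, :create_note, noteable)`. Until then the second TODO would be more useful as `# TODO: Noteables that are not lockable skip the :create_note check; authorize them as well`. The first TODO also has a typo, `instaed` for `instead`.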
......@@ -4,6 +4,8 @@ class Snippets::NotesController < ApplicationController
skip_before_action :authenticate_user!, only: [:index]
before_action :snippet
# TODO: Authorize create_snippet!
# TODO: Always make sure we can actually read the snippet
before_action :authorize_read_snippet!, only: [:show, :index, :create]
private
......
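Review bot: The `only: [:show, :index, :create]` list on `before_action :authorize_read_snippet!` leaves any other action of this controller without a read check, and the added TODO notes this instead of fixing it. Which other actions exist is not visible in the hunk, but an allow-list of actions fails open when a new action is added, whereas `before_action :authorize_read_snippet!` with no `only:` fails closed. This matters more here because `authenticate_user!` is skipped for `:index`, so the read check is the only gate shown for anonymous requests to that action. The first TODO says `create_snippet!` although this controller creates notes; naming the intended ability would avoid confusion.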
......@@ -69,6 +69,7 @@ class NotesFinder
when "snippet", "project_snippet"
SnippetsFinder.new(@current_user, project: @project).execute
when "personal_snippet"
# TODO: Use finder
PersonalSnippet.all
else
raise 'invalid target_type'
......
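Review bot: The `"personal_snippet"` branch returns `PersonalSnippet.all`, which applies no scoping by `@current_user`, while the project-snippet branch above goes through `SnippetsFinder.new(@current_user, project: @project)`. Unless callers authorize the target separately (not visible here), notes on personal snippets the user cannot read would be reachable through this finder. The added `# TODO: Use finder` should at least say why, for example `# TODO: Use a finder scoped to @current_user; PersonalSnippet.all ignores visibility`. The enclosing `case` starts and ends outside the hunk.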
......@@ -56,6 +56,7 @@ class SnippetsFinder < UnionFinder
def by_project(items)
return items unless params[:project]
# TODO: Add where(type: ProjectSnippet.name)
items.where(project_id: params[:project].id)
end
......