notes_controller.rb 2.18 KB
Newer Older
1
class Projects::NotesController < Projects::ApplicationController
2
  include NotesActions
3 4
  include ToggleAwardEmoji

5
  before_action :authorize_read_note!
6
  before_action :authorize_create_note!, only: [:create]
7
  before_action :authorize_resolve_note!, only: [:resolve, :unresolve]
gitlabhq's avatar
gitlabhq committed
8

9 10 11 12 13 14 15 16 17
  #
  # This is a fix to make spinach feature tests passing:
  # Controller actions are returned from AbstractController::Base and methods of parent classes are
  #   excluded in order to return only specific controller related methods.
  # That is ok for the app (no :create method in ancestors)
  #   but fails for tests because there is a :create method on FactoryGirl (one of the ancestors)
  #
  # see https://github.com/rails/rails/blob/v4.2.7/actionpack/lib/abstract_controller/base.rb#L78
  #
gitlabhq's avatar
gitlabhq committed
18
  def create
19
    super
20 21 22
  end

  def delete_attachment
23 24
    note.remove_attachment!
    note.update_attribute(:attachment, nil)
25 26

    respond_to do |format|
27
      format.js { head :ok }
28 29 30
    end
  end

31
  def resolve
32 33 34 35
    return render_404 unless note.resolvable?

    note.resolve!(current_user)

Douwe Maan's avatar
Douwe Maan committed
36
    MergeRequests::ResolvedDiscussionNotificationService.new(project, current_user).execute(note.noteable)
37

Douwe Maan's avatar
Douwe Maan committed
38
    discussion = note.discussion
39

40
    render json: {
41
      resolved_by: note.resolved_by.try(:name),
Douwe Maan's avatar
Douwe Maan committed
42
      discussion_headline_html: (view_to_html_string('discussions/_headline', discussion: discussion) if discussion)
43
    }
44 45
  end

46 47 48 49 50
  def unresolve
    return render_404 unless note.resolvable?

    note.unresolve!

Douwe Maan's avatar
Douwe Maan committed
51
    discussion = note.discussion
52 53

    render json: {
Douwe Maan's avatar
Douwe Maan committed
54
      discussion_headline_html: (view_to_html_string('discussions/_headline', discussion: discussion) if discussion)
55
    }
Phil Hughes's avatar
Phil Hughes committed
56 57
  end

58 59 60 61 62
  private

  def note
    @note ||= @project.notes.find(params[:id])
  end
63
  alias_method :awardable, :note
64

65 66
  def finder_params
    params.merge(last_fetched_at: last_fetched_at)
67
  end
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
68

69 70 71 72
  def authorize_admin_note!
    return access_denied! unless can?(current_user, :admin_note, note)
  end

73 74 75
  def authorize_resolve_note!
    return access_denied! unless can?(current_user, :resolve_note, note)
  end
76 77

  def authorize_create_note!
78
    return unless noteable.lockable?
79

80 81
    access_denied! unless can?(current_user, :create_note, noteable)
  end
gitlabhq's avatar
gitlabhq committed
82
end