diff options
author | Phil Hughes <me@iamphill.com> | 2017-08-02 18:37:40 +0300 |
---|---|---|
committer | Phil Hughes <me@iamphill.com> | 2017-08-02 18:37:40 +0300 |
commit | e4c20cd3fe330faa415493ee2fe30dc16fbaca80 (patch) | |
tree | 0be61b6cc59cf35d81b9271c7603e0d8b203a31c /app/controllers/concerns/notes_actions.rb | |
parent | 25d6a6c4b528159c288995de4909e6a8da431d0b (diff) | |
parent | 88958e5a9cd364ae36f3d2837982cedb9239c3bc (diff) |
Merge branch 'master' into sidebar-fly-out-sub-nav
Diffstat (limited to 'app/controllers/concerns/notes_actions.rb')
-rw-r--r-- | app/controllers/concerns/notes_actions.rb | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/app/controllers/concerns/notes_actions.rb b/app/controllers/concerns/notes_actions.rb index a57d9e6e6c0..af5f683bab5 100644 --- a/app/controllers/concerns/notes_actions.rb +++ b/app/controllers/concerns/notes_actions.rb @@ -4,6 +4,7 @@ module NotesActions included do before_action :authorize_admin_note!, only: [:update, :destroy] + before_action :note_project, only: [:create] end def index @@ -28,7 +29,8 @@ module NotesActions merge_request_diff_head_sha: params[:merge_request_diff_head_sha], in_reply_to_discussion_id: params[:in_reply_to_discussion_id] ) - @note = Notes::CreateService.new(project, current_user, create_params).execute + + @note = Notes::CreateService.new(note_project, current_user, create_params).execute if @note.is_a?(Note) Banzai::NoteRenderer.render([@note], @project, current_user) @@ -177,4 +179,22 @@ module NotesActions def notes_finder @notes_finder ||= NotesFinder.new(project, current_user, finder_params) end + + def note_project + return @note_project if defined?(@note_project) + return nil unless project + + note_project_id = params[:note_project_id] + + @note_project = + if note_project_id.present? + Project.find(note_project_id) + else + project + end + + return access_denied! unless can?(current_user, :create_note, @note_project) + + @note_project + end end |