diff options
author | Sean McGivern <sean@gitlab.com> | 2016-08-18 17:49:32 +0300 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2016-08-18 17:54:07 +0300 |
commit | 8b1656282bcc39a0c1c7a3dccf74c98b1c3adae2 (patch) | |
tree | a5375c1ff8150d7777a120f29cfbd4d544ca4865 /app/controllers/projects/boards/issues_controller.rb | |
parent | 21a73302e8a8b9f22e51f1707a306f04d3faad07 (diff) | |
parent | 2c1062f81e3c39cf8a45185c203995a43b91bf65 (diff) |
Merge branch 'master' into expiration-date-on-memberships
Diffstat (limited to 'app/controllers/projects/boards/issues_controller.rb')
-rw-r--r-- | app/controllers/projects/boards/issues_controller.rb | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/app/controllers/projects/boards/issues_controller.rb b/app/controllers/projects/boards/issues_controller.rb new file mode 100644 index 00000000000..2d894b3dd4a --- /dev/null +++ b/app/controllers/projects/boards/issues_controller.rb @@ -0,0 +1,56 @@ +module Projects + module Boards + class IssuesController < Boards::ApplicationController + before_action :authorize_read_issue!, only: [:index] + before_action :authorize_update_issue!, only: [:update] + + def index + issues = ::Boards::Issues::ListService.new(project, current_user, filter_params).execute + issues = issues.page(params[:page]) + + render json: issues.as_json( + only: [:iid, :title, :confidential], + include: { + assignee: { only: [:id, :name, :username], methods: [:avatar_url] }, + labels: { only: [:id, :title, :description, :color, :priority] } + }) + end + + def update + service = ::Boards::Issues::MoveService.new(project, current_user, move_params) + + if service.execute(issue) + head :ok + else + head :unprocessable_entity + end + end + + private + + def issue + @issue ||= + IssuesFinder.new(current_user, project_id: project.id, state: 'all') + .execute + .where(iid: params[:id]) + .first! + end + + def authorize_read_issue! + return render_403 unless can?(current_user, :read_issue, project) + end + + def authorize_update_issue! + return render_403 unless can?(current_user, :update_issue, issue) + end + + def filter_params + params.merge(id: params[:list_id]) + end + + def move_params + params.permit(:id, :from_list_id, :to_list_id) + end + end + end +end |