author | Jarka Kadlecova <jarka@gitlab.com> | 2017-08-30 17:57:50 +0300 |
---|---|---|
committer | Jarka Kadlecova <jarka@gitlab.com> | 2017-09-14 15:50:32 +0300 |
commit | b9287208523e1a5c05939fe0db038df51a9082fc (patch) | |
tree | 7cc859ffab52ae526924676395374d4621fd96c3 /app/controllers/projects/notes_controller.rb | |
parent | 1140fcce4f8b5463f451356b76fea125826478b2 (diff) |
Support discussion locking in the backend
Diffstat (limited to 'app/controllers/projects/notes_controller.rb')
-rw-r--r-- | app/controllers/projects/notes_controller.rb | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 41a13f6f577..dd3dc71c004 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -66,7 +66,21 @@ class Projects::NotesController < Projects::ApplicationController
 params.merge(last_fetched_at: last_fetched_at)
 end
+ def authorize_admin_note!
+ return access_denied! unless can?(current_user, :admin_note, note)
+ end
+
 def authorize_resolve_note!
 return access_denied! unless can?(current_user, :resolve_note, note)
 end
+
+ def authorize_create_note!
+ noteable_type = note_params[:noteable_type]
+
+ return unless ['MergeRequest', 'Issue'].include?(noteable_type)
+ return access_denied! unless can?(current_user, :create_note, project)
+
+ noteable = noteable_type.constantize.find(note_params[:noteable_id])
+ access_denied! unless can?(current_user, :create_note, noteable)
+ end
 end |
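Review bot: In `authorize_create_note!` the noteable is loaded with an unscoped `noteable_type.constantize.find(note_params[:noteable_id])`, so the record that receives the `:create_note` check is not tied to `project` and may not be the one the create path later resolves. If notes posted through this controller are only meant to target the project's own issues and merge requests, scope the lookup, e.g. `noteable = (noteable_type == 'Issue' ? project.issues : project.merge_requests).find(note_params[:noteable_id])`. The early `return unless ['MergeRequest', 'Issue'].include?(noteable_type)` keeps `constantize` on an allowlist, but it also lets every other noteable type through with no check in this filter. That is only safe if those types are authorized elsewhere, so a comment naming where would help. The `before_action` wiring for `authorize_admin_note!` and `authorize_create_note!` is not in this hunk, so confirm both are registered for the actions they are meant to guard.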