Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers/projects/notes_controller.rb
diff options
context:
space:
mode:
authorJarka Kadlecova <jarka@gitlab.com>2017-08-30 17:57:50 +0300
committerJarka Kadlecova <jarka@gitlab.com>2017-09-14 15:50:32 +0300
commitb9287208523e1a5c05939fe0db038df51a9082fc (patch)
tree7cc859ffab52ae526924676395374d4621fd96c3 /app/controllers/projects/notes_controller.rb
parent1140fcce4f8b5463f451356b76fea125826478b2 (diff)
Support discussion locking in the backend
Diffstat (limited to 'app/controllers/projects/notes_controller.rb')
-rw-r--r--app/controllers/projects/notes_controller.rb14
1 files changed, 14 insertions, 0 deletions
diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 41a13f6f577..dd3dc71c004 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -66,7 +66,21 @@ class Projects::NotesController < Projects::ApplicationController
params.merge(last_fetched_at: last_fetched_at)
end
+ def authorize_admin_note!
+ return access_denied! unless can?(current_user, :admin_note, note)
+ end
+
def authorize_resolve_note!
return access_denied! unless can?(current_user, :resolve_note, note)
end
+
+ def authorize_create_note!
+ noteable_type = note_params[:noteable_type]
+
+ return unless ['MergeRequest', 'Issue'].include?(noteable_type)
+ return access_denied! unless can?(current_user, :create_note, project)
+
+ noteable = noteable_type.constantize.find(note_params[:noteable_id])
+ access_denied! unless can?(current_user, :create_note, noteable)
+ end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-10 09:07:49 +0300