diff options
| author | Felipe Artur <felipefac@gmail.com> | 2017-08-31 20:48:57 +0300 |
|---|---|---|
| committer | Felipe Artur <felipefac@gmail.com> | 2017-08-31 20:48:57 +0300 |
| commit | 8077b728bc26e9ece8055b8301033238ddbdf3f5 (patch) | |
| tree | e22b26fe9b8ca3343c2eded3c1b024704d86221c /app/controllers | |
| parent | f2a43ff5b7eec188ffc470649bf40d268cbdce2a (diff) | |
Continue BE backport
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/boards/issues_controller.rb | 1 | ||||
| -rw-r--r-- | app/controllers/boards/lists_controller.rb | 1 | ||||
| -rw-r--r-- | app/controllers/concerns/boards_responses.rb | 42 | ||||
| -rw-r--r-- | app/controllers/projects/boards_controller.rb | 2 |
4 files changed, 45 insertions, 1 deletions
diff --git a/app/controllers/boards/issues_controller.rb b/app/controllers/boards/issues_controller.rb index 7d776d9b591..8ac23faa4b7 100644 --- a/app/controllers/boards/issues_controller.rb +++ b/app/controllers/boards/issues_controller.rb @@ -5,6 +5,7 @@ module Boards before_action :authorize_read_issue, only: [:index] before_action :authorize_create_issue, only: [:create] before_action :authorize_update_issue, only: [:update] + skip_before_action :authenticate_user!, only: [:index] def index issues = Boards::Issues::ListService.new(board_parent, current_user, filter_params).execute diff --git a/app/controllers/boards/lists_controller.rb b/app/controllers/boards/lists_controller.rb index a4ed37dab31..381fd4d7508 100644 --- a/app/controllers/boards/lists_controller.rb +++ b/app/controllers/boards/lists_controller.rb @@ -4,6 +4,7 @@ module Boards before_action :authorize_admin_list, only: [:create, :update, :destroy, :generate] before_action :authorize_read_list, only: [:index] + skip_before_action :authenticate_user!, only: [:index] def index lists = Boards::Lists::ListService.new(board.parent, current_user).execute(board) diff --git a/app/controllers/concerns/boards_responses.rb b/app/controllers/concerns/boards_responses.rb new file mode 100644 index 00000000000..2c9c095a5d7 --- /dev/null +++ b/app/controllers/concerns/boards_responses.rb @@ -0,0 +1,42 @@ +module BoardsResponses + def authorize_read_list + authorize_action_for!(board.parent, :read_list) + end + + def authorize_read_issue + authorize_action_for!(board.parent, :read_issue) + end + + def authorize_update_issue + authorize_action_for!(issue, :admin_issue) + end + + def authorize_create_issue + authorize_action_for!(project, :admin_issue) + end + + def authorize_admin_list + authorize_action_for!(board.parent, :admin_list) + end + + def authorize_action_for!(resource, ability) + return render_403 unless can?(current_user, ability, resource) + end + + def respond_with_boards + respond_with(@boards) + end + + def respond_with_board + respond_with(@board) + end + + def respond_with(resource) + respond_to do |format| + format.html + format.json do + render json: serialize_as_json(resource) + end + end + end +end diff --git a/app/controllers/projects/boards_controller.rb b/app/controllers/projects/boards_controller.rb index 88a57749d78..04f2f77faf2 100644 --- a/app/controllers/projects/boards_controller.rb +++ b/app/controllers/projects/boards_controller.rb @@ -1,6 +1,6 @@ class Projects::BoardsController < Projects::ApplicationController - include IssuableCollections include BoardsResponses + include IssuableCollections before_action :authorize_read_board!, only: [:index, :show] before_action :assign_endpoint_vars |