Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-01-17 03:09:00 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-01-17 03:09:00 +0300
commit: efb0c7f501e4a8883796b5acfdc584e2720febba (patch)
tree: a5870a33d1154a555a46b293aac42dbb4197b31d /app/services/snippets
parent: 727b1a890c8e44440414c59611e9ead34d6edc93 (diff)
4 files changed, 139 insertions, 0 deletions
diff --git a/app/services/snippets/base_service.rb b/app/services/snippets/base_service.rb
new file mode 100644
index 00000000000..2b450db0b83
--- /dev/null
+++ b/app/services/snippets/base_service.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Snippets
+  class BaseService < ::BaseService
+    private
+
+    def snippet_error_response(snippet, http_status)
+      ServiceResponse.error(
+        message: snippet.errors.full_messages.to_sentence,
+        http_status: http_status,
+        payload: { snippet: snippet }
+      )
+    end
+  end
+end
diff --git a/app/services/snippets/create_service.rb b/app/services/snippets/create_service.rb
new file mode 100644
index 00000000000..250e99c466a
--- /dev/null
+++ b/app/services/snippets/create_service.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Snippets
+  class CreateService < Snippets::BaseService
+    include SpamCheckMethods
+
+    def execute
+      filter_spam_check_params
+
+      snippet = if project
+                  project.snippets.build(params)
+                else
+                  PersonalSnippet.new(params)
+                end
+
+      unless Gitlab::VisibilityLevel.allowed_for?(current_user, snippet.visibility_level)
+        deny_visibility_level(snippet)
+
+        return snippet_error_response(snippet, 403)
+      end
+
+      snippet.author = current_user
+
+      spam_check(snippet, current_user)
+
+      snippet_saved = snippet.with_transaction_returning_status do
+        snippet.save && snippet.store_mentions!
+      end
+
+      if snippet_saved
+        UserAgentDetailService.new(snippet, @request).create
+        Gitlab::UsageDataCounters::SnippetCounter.count(:create)
+
+        ServiceResponse.success(payload: { snippet: snippet } )
+      else
+        snippet_error_response(snippet, 400)
+      end
+    end
+  end
+end
diff --git a/app/services/snippets/destroy_service.rb b/app/services/snippets/destroy_service.rb
new file mode 100644
index 00000000000..f253817d94f
--- /dev/null
+++ b/app/services/snippets/destroy_service.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Snippets
+  class DestroyService
+    include Gitlab::Allowable
+
+    attr_reader :current_user, :project
+
+    def initialize(user, snippet)
+      @current_user = user
+      @snippet = snippet
+      @project = snippet&.project
+    end
+
+    def execute
+      if snippet.nil?
+        return service_response_error('No snippet found.', 404)
+      end
+
+      unless user_can_delete_snippet?
+        return service_response_error(
+          "You don't have access to delete this snippet.",
+          403
+        )
+      end
+
+      if snippet.destroy
+        ServiceResponse.success(message: 'Snippet was deleted.')
+      else
+        service_response_error('Failed to remove snippet.', 400)
+      end
+    end
+
+    private
+
+    attr_reader :snippet
+
+    def user_can_delete_snippet?
+      return can?(current_user, :admin_project_snippet, snippet) if project
+
+      can?(current_user, :admin_personal_snippet, snippet)
+    end
+
+    def service_response_error(message, http_status)
+      ServiceResponse.error(message: message, http_status: http_status)
+    end
+  end
+end
diff --git a/app/services/snippets/update_service.rb b/app/services/snippets/update_service.rb
new file mode 100644
index 00000000000..8d2c8cac148
--- /dev/null
+++ b/app/services/snippets/update_service.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Snippets
+  class UpdateService < Snippets::BaseService
+    include SpamCheckMethods
+
+    def execute(snippet)
+      # check that user is allowed to set specified visibility_level
+      new_visibility = visibility_level
+
+      if new_visibility && new_visibility.to_i != snippet.visibility_level
+        unless Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
+          deny_visibility_level(snippet, new_visibility)
+
+          return snippet_error_response(snippet, 403)
+        end
+      end
+
+      filter_spam_check_params
+      snippet.assign_attributes(params)
+      spam_check(snippet, current_user)
+
+      snippet_saved = snippet.with_transaction_returning_status do
+        snippet.save && snippet.store_mentions!
+      end
+
+      if snippet_saved
+        Gitlab::UsageDataCounters::SnippetCounter.count(:update)
+
+        ServiceResponse.success(payload: { snippet: snippet } )
+      else
+        snippet_error_response(snippet, 400)
+      end
+    end
+  end
+end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-01-17 03:09:00 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-01-17 03:09:00 +0300
commit	efb0c7f501e4a8883796b5acfdc584e2720febba (patch)
tree	a5870a33d1154a555a46b293aac42dbb4197b31d /app/services/snippets
parent	727b1a890c8e44440414c59611e9ead34d6edc93 (diff)