Move action to render board lists to `Projects::Boards::ListsController`

author: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-08-16 01:50:23 +0300
committer: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-08-17 18:58:59 +0300
commit: cd98ff179cb20d9dc4460d173288d0e1582c4293 (patch)
tree: 5ec16f4ca84f95219d2b2a19c245532a7fab8254 /app
parent: c3880d105744dde1c8a30978e0cf13ebe017a91b (diff)
3 files changed, 16 insertions, 13 deletions
diff --git a/app/controllers/projects/boards/lists_controller.rb b/app/controllers/projects/boards/lists_controller.rb
index b426dc25e0d..4726ab88dcf 100644
--- a/app/controllers/projects/boards/lists_controller.rb
+++ b/app/controllers/projects/boards/lists_controller.rb
@@ -1,7 +1,12 @@
 module Projects
   module Boards
     class ListsController < Boards::ApplicationController
-      before_action :authorize_admin_list!
+      before_action :authorize_admin_list!, only: [:create, :update, :destroy, :generate]
+      before_action :authorize_read_list!, only: [:index]
+
+      def index
+        render json: project.board.lists.as_json(only: [:id, :list_type, :position], methods: [:title], include: { label: { only: [:id, :title, :description, :color, :priority] } })
+      end
 
       def create
         list = ::Boards::Lists::CreateService.new(project, current_user, list_params).execute
@@ -49,6 +54,10 @@ module Projects
         return render_403 unless can?(current_user, :admin_list, project)
       end
 
+      def authorize_read_list!
+        return render_403 unless can?(current_user, :read_list, project)
+      end
+
       def list_params
         params.require(:list).permit(:label_id)
       end
diff --git a/app/controllers/projects/boards_controller.rb b/app/controllers/projects/boards_controller.rb
index 052c15f99d0..33206717089 100644
--- a/app/controllers/projects/boards_controller.rb
+++ b/app/controllers/projects/boards_controller.rb
@@ -1,23 +1,15 @@
 class Projects::BoardsController < Projects::ApplicationController
+  respond_to :html
+
   before_action :authorize_read_board!, only: [:show]
 
   def show
-    board = Boards::CreateService.new(project, current_user).execute
-
-    respond_to do |format|
-      format.html
-      format.json { render json: board.lists.as_json(only: [:id, :list_type, :position], methods: [:title], include: { label: { only: [:id, :title, :description, :color, :priority] } }) }
-    end
+    ::Boards::CreateService.new(project, current_user).execute
   end
 
   private
 
   def authorize_read_board!
-    unless can?(current_user, :read_board, project)
-      respond_to do |format|
-        format.html { return access_denied! }
-        format.json { return render_403 }
-      end
-    end
+    return access_denied! unless can?(current_user, :read_board, project)
   end
 end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 4458ee1d590..55265c3cfcb 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -91,6 +91,7 @@ class Ability
         rules = [
           :read_project,
           :read_board,
+          :read_list,
           :read_wiki,
           :read_label,
           :read_milestone,
@@ -230,6 +231,7 @@ class Ability
         :read_wiki,
         :read_issue,
         :read_board,
+        :read_list,
         :read_label,
         :read_milestone,
         :read_project_snippet,
author	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-08-16 01:50:23 +0300
committer	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-08-17 18:58:59 +0300
commit	cd98ff179cb20d9dc4460d173288d0e1582c4293 (patch)
tree	5ec16f4ca84f95219d2b2a19c245532a7fab8254 /app
parent	c3880d105744dde1c8a30978e0cf13ebe017a91b (diff)