diff options
| author | Vinnie Okada <vokada@mrvinn.com> | 2015-03-07 22:47:06 +0300 |
|---|---|---|
| committer | Vinnie Okada <vokada@mrvinn.com> | 2015-03-09 02:57:08 +0300 |
| commit | 928fc94c3d900069902b097d6464acee712a886c (patch) | |
| tree | e30cbea42055c082e76881bd36ccd94f72afac8e /lib | |
| parent | 285c5341855f8af6cbea5e964e3104a4698fa450 (diff) | |
Enforce restricted visibilities for snippets
Add new service classes to create and update project and personal
snippets. These classes are responsible for enforcing restricted
visibility settings for non-admin users.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/project_snippets.rb | 22 | ||||
| -rw-r--r-- | lib/gitlab/url_builder.rb | 6 |
2 files changed, 16 insertions, 12 deletions
diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb index 0c2d282f785..25f34a3dab5 100644 --- a/lib/api/project_snippets.rb +++ b/lib/api/project_snippets.rb @@ -42,18 +42,19 @@ module API # title (required) - The title of a snippet # file_name (required) - The name of a snippet file # code (required) - The content of a snippet + # visibility_level (required) - The snippet's visibility # Example Request: # POST /projects/:id/snippets post ":id/snippets" do authorize! :write_project_snippet, user_project - required_attributes! [:title, :file_name, :code] + required_attributes! [:title, :file_name, :code, :visibility_level] - attrs = attributes_for_keys [:title, :file_name] + attrs = attributes_for_keys [:title, :file_name, :visibility_level] attrs[:content] = params[:code] if params[:code].present? - @snippet = user_project.snippets.new attrs - @snippet.author = current_user + @snippet = CreateSnippetservice.new(user_project, current_user, + attrs).execute - if @snippet.save + if @snippet.saved? present @snippet, with: Entities::ProjectSnippet else render_validation_error!(@snippet) @@ -68,19 +69,22 @@ module API # title (optional) - The title of a snippet # file_name (optional) - The name of a snippet file # code (optional) - The content of a snippet + # visibility_level (optional) - The snippet's visibility # Example Request: # PUT /projects/:id/snippets/:snippet_id put ":id/snippets/:snippet_id" do @snippet = user_project.snippets.find(params[:snippet_id]) authorize! :modify_project_snippet, @snippet - attrs = attributes_for_keys [:title, :file_name] + attrs = attributes_for_keys [:title, :file_name, :visibility_level] attrs[:content] = params[:code] if params[:code].present? - if @snippet.update_attributes attrs - present @snippet, with: Entities::ProjectSnippet - else + UpdateSnippetService.new(user_project, current_user, @snippet, + attrs).execute + if @snippet.errors.any? render_validation_error!(@snippet) + else + present @snippet, with: Entities::ProjectSnippet end end diff --git a/lib/gitlab/url_builder.rb b/lib/gitlab/url_builder.rb index 6830d15875a..11b0d44f340 100644 --- a/lib/gitlab/url_builder.rb +++ b/lib/gitlab/url_builder.rb @@ -51,9 +51,9 @@ module Gitlab anchor: "note_#{note.id}") elsif note.for_project_snippet? snippet = Snippet.find(note.noteable_id) - snippet_url(snippet, - host: Gitlab.config.gitlab['url'], - anchor: "note_#{note.id}") + project_snippet_url(snippet, + host: Gitlab.config.gitlab['url'], + anchor: "note_#{note.id}") end end end |