summaryrefslogtreecommitdiff
path: root/lib/api/notes.rb
diff options
context:
space:
mode:
authorLin Jen-Shin <godfat@godfat.org>2017-01-26 17:21:38 +0800
committerLin Jen-Shin <godfat@godfat.org>2017-01-26 17:21:38 +0800
commit4587c78afa5ff5d2bab718bd632264764860d775 (patch)
tree0fb7197a3b94a68746edb3caf65970112703420d /lib/api/notes.rb
parenta6394540327cd3919e5189a35a21b57800a104fc (diff)
parent403cb125f5e2aced8088f24966624519f6e11e29 (diff)
downloadgitlab-ce-4587c78afa5ff5d2bab718bd632264764860d775.tar.gz
Merge remote-tracking branch 'upstream/master' into fix-git-hooks-when-creating-file
* upstream/master: (1122 commits) Update CHANGELOG.md for 8.16.2 Display project ID in project settings (!8572) fixed points from comments to improve code quality Update CHANGELOG.md for 8.14.8 Statisfy eslint Add CHANGELOG entry Fix access to the wiki code via HTTP when repository feature disabled Display fullscreen button on small screens (!5302) Prevent removing fields from dropdowns on input elements fix for all themes Return struct instead of multiple values Fix race conditions for AuthorizedProjectsWorker Add User#nested_groups and User#nested_projects methods Fix spec failure due to timestamp ordering issue in mySQL Fixed error with filter keyboard tests `can?` already includes the `feature_available?` check Test there is no Merge Request button when MRs are disabled Ensure the correct Merge Request button is found Add 409 conflict tests Add CHANGELOG ...
Diffstat (limited to 'lib/api/notes.rb')
-rw-r--r--lib/api/notes.rb26
1 files changed, 16 insertions, 10 deletions
diff --git a/lib/api/notes.rb b/lib/api/notes.rb
index 284e4cf549a..4d2a8f48267 100644
--- a/lib/api/notes.rb
+++ b/lib/api/notes.rb
@@ -70,21 +70,27 @@ module API
end
post ":id/#{noteables_str}/:noteable_id/notes" do
opts = {
- note: params[:body],
- noteable_type: noteables_str.classify,
- noteable_id: params[:noteable_id]
+ note: params[:body],
+ noteable_type: noteables_str.classify,
+ noteable_id: params[:noteable_id]
}
- if params[:created_at] && (current_user.is_admin? || user_project.owner == current_user)
- opts[:created_at] = params[:created_at]
- end
+ noteable = user_project.send(noteables_str.to_sym).find(params[:noteable_id])
+
+ if can?(current_user, noteable_read_ability_name(noteable), noteable)
+ if params[:created_at] && (current_user.is_admin? || user_project.owner == current_user)
+ opts[:created_at] = params[:created_at]
+ end
- note = ::Notes::CreateService.new(user_project, current_user, opts).execute
+ note = ::Notes::CreateService.new(user_project, current_user, opts).execute
- if note.valid?
- present note, with: Entities::const_get(note.class.name)
+ if note.valid?
+ present note, with: Entities::const_get(note.class.name)
+ else
+ not_found!("Note #{note.errors.messages}")
+ end
else
- not_found!("Note #{note.errors.messages}")
+ not_found!("Note")
end
end