author | Vinnie Okada <vokada@mrvinn.com> | 2015-03-07 12:47:06 -0700 |
---|---|---|
committer | Vinnie Okada <vokada@mrvinn.com> | 2015-03-08 17:57:08 -0600 |
commit | 928fc94c3d900069902b097d6464acee712a886c (patch) | |
tree | e30cbea42055c082e76881bd36ccd94f72afac8e /lib/api | |
parent | 285c5341855f8af6cbea5e964e3104a4698fa450 (diff) | |
download | gitlab-ce-928fc94c3d900069902b097d6464acee712a886c.tar.gz |
Enforce restricted visibilities for snippets
Add new service classes to create and update project and personal
snippets. These classes are responsible for enforcing restricted
visibility settings for non-admin users.
Diffstat (limited to 'lib/api')
-rw-r--r-- | lib/api/project_snippets.rb | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb
index 0c2d282f785..25f34a3dab5 100644
--- a/lib/api/project_snippets.rb
+++ b/lib/api/project_snippets.rb
@@ -42,18 +42,19 @@ module API
 # title (required) - The title of a snippet
 # file_name (required) - The name of a snippet file
 # code (required) - The content of a snippet
+ # visibility_level (required) - The snippet's visibility
 # Example Request:
 # POST /projects/:id/snippets
 post ":id/snippets" do
 authorize! :write_project_snippet, user_project
- required_attributes! [:title, :file_name, :code]
+ required_attributes! [:title, :file_name, :code, :visibility_level]
- attrs = attributes_for_keys [:title, :file_name]
+ attrs = attributes_for_keys [:title, :file_name, :visibility_level]
 attrs[:content] = params[:code] if params[:code].present?
- @snippet = user_project.snippets.new attrs
- @snippet.author = current_user
+ @snippet = CreateSnippetservice.new(user_project, current_user,
+ attrs).execute
- if @snippet.save
+ if @snippet.saved?
 present @snippet, with: Entities::ProjectSnippet
 else
 render_validation_error!(@snippet)
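Review bot: `CreateSnippetservice` in the new `post ":id/snippets"` body is spelled with a lowercase `s`, while the PUT hunk uses `UpdateSnippetService`. The service files are outside this diffstat, but unless a class with exactly that name exists, every POST would raise `NameError` and the endpoint would fail rather than enforce the visibility restriction; the call should read `@snippet = CreateSnippetService.new(user_project, current_user, attrs).execute`. The success test `@snippet.saved?` is also not a stock ActiveRecord predicate, so if the model does not define it, `if @snippet.persisted?` expresses the same intent. A request spec that creates a snippet through this route as a non-admin with a restricted `visibility_level` would catch both problems. The `post` block closes outside the hunk.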
@@ -68,19 +69,22 @@ module API
 # title (optional) - The title of a snippet
 # file_name (optional) - The name of a snippet file
 # code (optional) - The content of a snippet
+ # visibility_level (optional) - The snippet's visibility
 # Example Request:
 # PUT /projects/:id/snippets/:snippet_id
 put ":id/snippets/:snippet_id" do
 @snippet = user_project.snippets.find(params[:snippet_id])
 authorize! :modify_project_snippet, @snippet
- attrs = attributes_for_keys [:title, :file_name]
+ attrs = attributes_for_keys [:title, :file_name, :visibility_level]
 attrs[:content] = params[:code] if params[:code].present?
- if @snippet.update_attributes attrs
- present @snippet, with: Entities::ProjectSnippet
- else
+ UpdateSnippetService.new(user_project, current_user, @snippet,
+ attrs).execute
+ if @snippet.errors.any?
 render_validation_error!(@snippet)
+ else
+ present @snippet, with: Entities::ProjectSnippet
 end
 end |
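Review bot: The PUT handler discards the return value of `UpdateSnippetService#execute` and infers success only from `@snippet.errors.any?`, so a denied `visibility_level` is reported to the client only if the service also records an error on the snippet. The service is not part of this diff, so that may already hold, but the handler depends on it silently. Either branch on the result of `execute`, if it returns the outcome of the update, or state the contract above the call, e.g. `# UpdateSnippetService adds an error to @snippet when the requested visibility level is restricted for current_user`. A request spec asserting that a non-admin PUT with a restricted level returns a validation error and leaves the stored level unchanged would pin the behaviour this commit is meant to enforce.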