summaryrefslogtreecommitdiff
path: root/lib/api
diff options
context:
space:
mode:
authorVinnie Okada <vokada@mrvinn.com>2015-03-07 12:47:06 -0700
committerVinnie Okada <vokada@mrvinn.com>2015-03-08 17:57:08 -0600
commit928fc94c3d900069902b097d6464acee712a886c (patch)
treee30cbea42055c082e76881bd36ccd94f72afac8e /lib/api
parent285c5341855f8af6cbea5e964e3104a4698fa450 (diff)
downloadgitlab-ce-928fc94c3d900069902b097d6464acee712a886c.tar.gz
Enforce restricted visibilities for snippets
Add new service classes to create and update project and personal snippets. These classes are responsible for enforcing restricted visibility settings for non-admin users.
Diffstat (limited to 'lib/api')
-rw-r--r--lib/api/project_snippets.rb22
1 files changed, 13 insertions, 9 deletions
diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb
index 0c2d282f785..25f34a3dab5 100644
--- a/lib/api/project_snippets.rb
+++ b/lib/api/project_snippets.rb
@@ -42,18 +42,19 @@ module API
# title (required) - The title of a snippet
# file_name (required) - The name of a snippet file
# code (required) - The content of a snippet
+ # visibility_level (required) - The snippet's visibility
# Example Request:
# POST /projects/:id/snippets
post ":id/snippets" do
authorize! :write_project_snippet, user_project
- required_attributes! [:title, :file_name, :code]
+ required_attributes! [:title, :file_name, :code, :visibility_level]
- attrs = attributes_for_keys [:title, :file_name]
+ attrs = attributes_for_keys [:title, :file_name, :visibility_level]
attrs[:content] = params[:code] if params[:code].present?
- @snippet = user_project.snippets.new attrs
- @snippet.author = current_user
+ @snippet = CreateSnippetservice.new(user_project, current_user,
+ attrs).execute
- if @snippet.save
+ if @snippet.saved?
present @snippet, with: Entities::ProjectSnippet
else
render_validation_error!(@snippet)
@@ -68,19 +69,22 @@ module API
# title (optional) - The title of a snippet
# file_name (optional) - The name of a snippet file
# code (optional) - The content of a snippet
+ # visibility_level (optional) - The snippet's visibility
# Example Request:
# PUT /projects/:id/snippets/:snippet_id
put ":id/snippets/:snippet_id" do
@snippet = user_project.snippets.find(params[:snippet_id])
authorize! :modify_project_snippet, @snippet
- attrs = attributes_for_keys [:title, :file_name]
+ attrs = attributes_for_keys [:title, :file_name, :visibility_level]
attrs[:content] = params[:code] if params[:code].present?
- if @snippet.update_attributes attrs
- present @snippet, with: Entities::ProjectSnippet
- else
+ UpdateSnippetService.new(user_project, current_user, @snippet,
+ attrs).execute
+ if @snippet.errors.any?
render_validation_error!(@snippet)
+ else
+ present @snippet, with: Entities::ProjectSnippet
end
end