diff options
Diffstat (limited to 'lib/api')
| -rw-r--r-- | lib/api/api.rb | 1 | ||||
| -rw-r--r-- | lib/api/entities.rb | 3 | ||||
| -rw-r--r-- | lib/api/v3/entities.rb | 34 | ||||
| -rw-r--r-- | lib/api/v3/notes.rb | 148 | ||||
| -rw-r--r-- | lib/api/v3/projects.rb | 4 | ||||
| -rw-r--r-- | lib/api/v3/users.rb | 21 | 
6 files changed, 206 insertions, 5 deletions
| diff --git a/lib/api/api.rb b/lib/api/api.rb index a0282ff8deb..1803387bb8c 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -15,6 +15,7 @@ module API        mount ::API::V3::Members        mount ::API::V3::MergeRequestDiffs        mount ::API::V3::MergeRequests +      mount ::API::V3::Notes        mount ::API::V3::ProjectHooks        mount ::API::V3::Projects        mount ::API::V3::ProjectSnippets diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 400ee7c92aa..85aa6932f81 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -339,9 +339,6 @@ module API        expose :created_at, :updated_at        expose :system?, as: :system        expose :noteable_id, :noteable_type -      # upvote? and downvote? are deprecated, always return false -      expose(:upvote?)    { |note| false } -      expose(:downvote?)  { |note| false }      end      class AwardEmoji < Grape::Entity diff --git a/lib/api/v3/entities.rb b/lib/api/v3/entities.rb index 3cc0dc968a8..11d0e6dbf71 100644 --- a/lib/api/v3/entities.rb +++ b/lib/api/v3/entities.rb @@ -11,6 +11,40 @@ module API            Gitlab::UrlBuilder.build(snippet)          end        end + +      class Note < Grape::Entity +        expose :id +        expose :note, as: :body +        expose :attachment_identifier, as: :attachment +        expose :author, using: ::API::Entities::UserBasic +        expose :created_at, :updated_at +        expose :system?, as: :system +        expose :noteable_id, :noteable_type +        # upvote? and downvote? are deprecated, always return false +        expose(:upvote?)    { |note| false } +        expose(:downvote?)  { |note| false } +      end + +      class Event < Grape::Entity +        expose :title, :project_id, :action_name +        expose :target_id, :target_type, :author_id +        expose :data, :target_title +        expose :created_at +        expose :note, using: Entities::Note, if: ->(event, options) { event.note? } +        expose :author, using: ::API::Entities::UserBasic, if: ->(event, options) { event.author } + +        expose :author_username do |event, options| +          event.author&.username +        end +      end + +      class AwardEmoji < Grape::Entity +        expose :id +        expose :name +        expose :user, using: ::API::Entities::UserBasic +        expose :created_at, :updated_at +        expose :awardable_id, :awardable_type +      end      end    end  end diff --git a/lib/api/v3/notes.rb b/lib/api/v3/notes.rb new file mode 100644 index 00000000000..6531598d590 --- /dev/null +++ b/lib/api/v3/notes.rb @@ -0,0 +1,148 @@ +module API +  module V3 +    class Notes < Grape::API +      include PaginationParams + +      before { authenticate! } + +      NOTEABLE_TYPES = [Issue, MergeRequest, Snippet] + +      params do +        requires :id, type: String, desc: 'The ID of a project' +      end +      resource :projects do +        NOTEABLE_TYPES.each do |noteable_type| +          noteables_str = noteable_type.to_s.underscore.pluralize + +          desc 'Get a list of project +noteable+ notes' do +            success ::API::V3::Entities::Note +          end +          params do +            requires :noteable_id, type: Integer, desc: 'The ID of the noteable' +            use :pagination +          end +          get ":id/#{noteables_str}/:noteable_id/notes" do +            noteable = user_project.send(noteables_str.to_sym).find(params[:noteable_id]) + +            if can?(current_user, noteable_read_ability_name(noteable), noteable) +              # We exclude notes that are cross-references and that cannot be viewed +              # by the current user. By doing this exclusion at this level and not +              # at the DB query level (which we cannot in that case), the current +              # page can have less elements than :per_page even if +              # there's more than one page. +              notes = +                # paginate() only works with a relation. This could lead to a +                # mismatch between the pagination headers info and the actual notes +                # array returned, but this is really a edge-case. +                paginate(noteable.notes). +                reject { |n| n.cross_reference_not_visible_for?(current_user) } +              present notes, with: ::API::V3::Entities::Note +            else +              not_found!("Notes") +            end +          end + +          desc 'Get a single +noteable+ note' do +            success ::API::V3::Entities::Note +          end +          params do +            requires :note_id, type: Integer, desc: 'The ID of a note' +            requires :noteable_id, type: Integer, desc: 'The ID of the noteable' +          end +          get ":id/#{noteables_str}/:noteable_id/notes/:note_id" do +            noteable = user_project.send(noteables_str.to_sym).find(params[:noteable_id]) +            note = noteable.notes.find(params[:note_id]) +            can_read_note = can?(current_user, noteable_read_ability_name(noteable), noteable) && !note.cross_reference_not_visible_for?(current_user) + +            if can_read_note +              present note, with: ::API::V3::Entities::Note +            else +              not_found!("Note") +            end +          end + +          desc 'Create a new +noteable+ note' do +            success ::API::V3::Entities::Note +          end +          params do +            requires :noteable_id, type: Integer, desc: 'The ID of the noteable' +            requires :body, type: String, desc: 'The content of a note' +            optional :created_at, type: String, desc: 'The creation date of the note' +          end +          post ":id/#{noteables_str}/:noteable_id/notes" do +            opts = { +              note: params[:body], +              noteable_type: noteables_str.classify, +              noteable_id: params[:noteable_id] +            } + +            noteable = user_project.send(noteables_str.to_sym).find(params[:noteable_id]) + +            if can?(current_user, noteable_read_ability_name(noteable), noteable) +              if params[:created_at] && (current_user.is_admin? || user_project.owner == current_user) +                opts[:created_at] = params[:created_at] +              end + +              note = ::Notes::CreateService.new(user_project, current_user, opts).execute +              if note.valid? +                present note, with: ::API::V3::Entities::const_get(note.class.name) +              else +                not_found!("Note #{note.errors.messages}") +              end +            else +              not_found!("Note") +            end +          end + +          desc 'Update an existing +noteable+ note' do +            success ::API::V3::Entities::Note +          end +          params do +            requires :noteable_id, type: Integer, desc: 'The ID of the noteable' +            requires :note_id, type: Integer, desc: 'The ID of a note' +            requires :body, type: String, desc: 'The content of a note' +          end +          put ":id/#{noteables_str}/:noteable_id/notes/:note_id" do +            note = user_project.notes.find(params[:note_id]) + +            authorize! :admin_note, note + +            opts = { +              note: params[:body] +            } + +            note = ::Notes::UpdateService.new(user_project, current_user, opts).execute(note) + +            if note.valid? +              present note, with: ::API::V3::Entities::Note +            else +              render_api_error!("Failed to save note #{note.errors.messages}", 400) +            end +          end + +          desc 'Delete a +noteable+ note' do +            success ::API::V3::Entities::Note +          end +          params do +            requires :noteable_id, type: Integer, desc: 'The ID of the noteable' +            requires :note_id, type: Integer, desc: 'The ID of a note' +          end +          delete ":id/#{noteables_str}/:noteable_id/notes/:note_id" do +            note = user_project.notes.find(params[:note_id]) +            authorize! :admin_note, note + +            ::Notes::DestroyService.new(user_project, current_user).execute(note) + +            present note, with: ::API::V3::Entities::Note +          end +        end +      end + +      helpers do +        def noteable_read_ability_name(noteable) +          "read_#{noteable.class.to_s.underscore}".to_sym +        end +      end +    end +  end +end diff --git a/lib/api/v3/projects.rb b/lib/api/v3/projects.rb index 6796da83f07..4bc836f2a3a 100644 --- a/lib/api/v3/projects.rb +++ b/lib/api/v3/projects.rb @@ -232,13 +232,13 @@ module API          end          desc 'Get events for a single project' do -          success ::API::Entities::Event +          success ::API::V3::Entities::Event          end          params do            use :pagination          end          get ":id/events" do -          present paginate(user_project.events.recent), with: ::API::Entities::Event +          present paginate(user_project.events.recent), with: ::API::V3::Entities::Event          end          desc 'Fork new project for the current user or provided namespace.' do diff --git a/lib/api/v3/users.rb b/lib/api/v3/users.rb index e05e457a5df..7838cdc46a7 100644 --- a/lib/api/v3/users.rb +++ b/lib/api/v3/users.rb @@ -71,6 +71,27 @@ module API              user.activate            end          end + +        desc 'Get the contribution events of a specified user' do +          detail 'This feature was introduced in GitLab 8.13.' +          success ::API::V3::Entities::Event +        end +        params do +          requires :id, type: Integer, desc: 'The ID of the user' +          use :pagination +        end +        get ':id/events' do +          user = User.find_by(id: params[:id]) +          not_found!('User') unless user + +          events = user.events. +            merge(ProjectsFinder.new.execute(current_user)). +            references(:project). +            with_associations. +            recent + +          present paginate(events), with: ::API::V3::Entities::Event +        end        end        resource :user do | 
