diff options
Diffstat (limited to 'lib/api')
| -rw-r--r-- | lib/api/helpers.rb | 4 | ||||
| -rw-r--r-- | lib/api/notes.rb | 10 | 
2 files changed, 8 insertions, 6 deletions
| diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 1003b596aec..40c967453fb 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -397,9 +397,5 @@ module API        error!(errors[:access_level], 422) if errors[:access_level].any?        not_found!(errors)      end - -    def noteable_ability_name(noteable) -      "read_#{noteable.class.to_s.underscore.downcase}".to_sym -    end    end  end diff --git a/lib/api/notes.rb b/lib/api/notes.rb index c49b107d1d9..d4fcfd3d4d3 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -21,7 +21,7 @@ module API          get ":id/#{noteables_str}/:#{noteable_id_str}/notes" do            @noteable = user_project.send(noteables_str.to_sym).find(params[noteable_id_str.to_sym]) -          if can?(current_user, noteable_ability_name(@noteable), @noteable) +          if can?(current_user, noteable_read_ability_name(@noteable), @noteable)              # We exclude notes that are cross-references and that cannot be viewed              # by the current user. By doing this exclusion at this level and not              # at the DB query level (which we cannot in that case), the current @@ -51,7 +51,7 @@ module API          get ":id/#{noteables_str}/:#{noteable_id_str}/notes/:note_id" do            @noteable = user_project.send(noteables_str.to_sym).find(params[noteable_id_str.to_sym])            @note = @noteable.notes.find(params[:note_id]) -          can_read_note = can?(current_user, noteable_ability_name(@noteable), @noteable) && !@note.cross_reference_not_visible_for?(current_user) +          can_read_note = can?(current_user, noteable_read_ability_name(@noteable), @noteable) && !@note.cross_reference_not_visible_for?(current_user)            if can_read_note              present @note, with: Entities::Note @@ -141,5 +141,11 @@ module API          end        end      end + +    helpers do +      def noteable_read_ability_name(noteable) +        "read_#{noteable.class.to_s.underscore.downcase}".to_sym +      end +    end    end  end | 
